From fc0a1c8d6171243c8184f99f506b1bba13a36b25 Mon Sep 17 00:00:00 2001 From: Marius Cramer <m.cramer@pixcept.de> Date: Mon, 25 Aug 2014 11:01:07 -0400 Subject: [PATCH] - fixed sql injection regex --- interface/lib/classes/db_mysql.inc.php | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/interface/lib/classes/db_mysql.inc.php b/interface/lib/classes/db_mysql.inc.php index b96b8d0..6609ec9 100644 --- a/interface/lib/classes/db_mysql.inc.php +++ b/interface/lib/classes/db_mysql.inc.php @@ -138,7 +138,7 @@ $chars = array(';', '#', '/*', '*/', '--', ' UNION ', '\\\'', '\\"'); $string = str_replace('\\\\', '', $string); - $string = preg_replace('/(^|[^\\\])([\'"])(.*?[^\\\])\\2/is', '$1', $string); + $string = preg_replace('/(^|[^\\\])([\'"])(.*?[^\\\]?)\\2/is', '$1', $string); $ok = true; if(substr_count($string, "`") % 2 != 0 || substr_count($string, "'") % 2 != 0 || substr_count($string, '"') % 2 != 0) { -- Gitblit v1.9.1