[Fmsystem-commits] [13895] block sql-injection
From: Sigurd Nes
Subject: [Fmsystem-commits] [13895] block sql-injection
Date: Tue, 15 Sep 2015 07:05:47 +0000
Revision: 13895
http://svn.sv.gnu.org/viewvc/?view=rev&root=fmsystem&revision=13895
Author: sigurdne
Date: 2015-09-15 07:05:47 +0000 (Tue, 15 Sep 2015)
Log Message:
-----------
block sql-injection
Modified Paths:
--------------
trunk/booking/inc/class.socompleted_reservation_export_file.inc.php
Modified: trunk/booking/inc/class.socompleted_reservation_export_file.inc.php
===================================================================
--- trunk/booking/inc/class.socompleted_reservation_export_file.inc.php
2015-09-15 07:05:05 UTC (rev 13894)
+++ trunk/booking/inc/class.socompleted_reservation_export_file.inc.php
2015-09-15 07:05:47 UTC (rev 13895)
@@ -225,10 +225,18 @@
# }
}
- $this->db_query(
- join(";\n", $export_conf_updates),
- __LINE__, __FILE__
- );
+ /**
+ * Sigurd: block SQL-injection by not allowing
multiple statements in one query
+ */
+ foreach($export_conf_updates as $sql)
+ {
+ $this->db_query($sql,__LINE__,
__FILE__);
+ }
+
+// $this->db_query(
+// join(";\n", $export_conf_updates),
+// __LINE__, __FILE__
+// );
if ($this->db->transaction_commit()) {
return $entity_export_files;
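Review bot: Each $sql handed to db_query() in the new foreach is still a pre-built string, so running the statements one at a time only blocks a stacked second statement; injection inside a single statement remains possible if any value in it is interpolated without escaping. The hunk does not show where $export_conf_updates is assembled, so that construction should be checked and the values quoted or bound there, which is the place the fix belongs. Two smaller points in the same hunk: the return value of db_query() is ignored inside the loop, so a statement that fails partway through is not distinguished before transaction_commit() is called; consider checking it and aborting the transaction on failure. The commented-out `// $this->db_query(` block should be deleted rather than kept, since revision 13894 already records the old code.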