Commit 2ac06a87 authored by Regis Houssin's avatar Regis Houssin

Fix: SQL injection

parent 20031913
...@@ -73,6 +73,7 @@ function test_sql_and_script_inject($val) ...@@ -73,6 +73,7 @@ function test_sql_and_script_inject($val)
$sql_inj += preg_match('/update.+set.+=/i', $val); $sql_inj += preg_match('/update.+set.+=/i', $val);
$sql_inj += preg_match('/insert[\s]+into/i', $val); $sql_inj += preg_match('/insert[\s]+into/i', $val);
$sql_inj += preg_match('/select.+from/i', $val); $sql_inj += preg_match('/select.+from/i', $val);
$sql_inj += preg_match('/union.+select/i', $val);
$sql_inj += preg_match('/<script/i', $val); $sql_inj += preg_match('/<script/i', $val);
return $sql_inj; return $sql_inj;
} }
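Review bot: The new `union`/`select` pattern uses `.+` without the `s` modifier, so, like the neighbouring `update`/`select` patterns, it only matches when both keywords are on the same line of the input; a value containing a line break between them is not counted. The function only increments a match counter for suspicious fragments, so this is a heuristic pre-filter, not the fix for the injection itself — escaping or parameterizing the value at the query site still has to be the real protection. I would write the added line as `$sql_inj += preg_match('/union.+select/is', $val);` and consider the same modifier for the existing `.+` patterns, and add a comment above the function such as `// Heuristic: counts SQL/script-looking fragments in $val; a non-zero result is a signal to reject the input, not a substitute for escaping at query time.` The function's opening line is outside this hunk.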
...@@ -857,7 +858,7 @@ function top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs ...@@ -857,7 +858,7 @@ function top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs
$mini='';$ext='.js'; $mini='';$ext='.js';
if (isset($conf->global->MAIN_OPTIMIZE_SPEED) && ($conf->global->MAIN_OPTIMIZE_SPEED & 0x01)) { $mini='_mini'; $ext='.jgz'; } // mini='_mini', ext='.gz' if (isset($conf->global->MAIN_OPTIMIZE_SPEED) && ($conf->global->MAIN_OPTIMIZE_SPEED & 0x01)) { $mini='_mini'; $ext='.jgz'; } // mini='_mini', ext='.gz'
// JQuery. Must be before other includes (prototype/scriptaculous) // JQuery. Must be before other includes (prototype/scriptaculous/...)
print '<!-- Includes for JQuery -->'."\n"; print '<!-- Includes for JQuery -->'."\n";
print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/js/jquery-1.4.3.min'.$ext.'"></script>'."\n"; print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/js/jquery-1.4.3.min'.$ext.'"></script>'."\n";
print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/js/jquery-ui-1.8.5.custom.min'.$ext.'"></script>'."\n"; print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/js/jquery-ui-1.8.5.custom.min'.$ext.'"></script>'."\n";
...@@ -868,13 +869,6 @@ function top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs ...@@ -868,13 +869,6 @@ function top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs
{ {
print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/layout/jquery.layout-latest'.$ext.'"></script>'."\n"; print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/jquery/plugins/layout/jquery.layout-latest'.$ext.'"></script>'."\n";
} }
// This one is required for some Ajax features
if (! empty($conf->global->MAIN_USE_PROTOTYPE))
{
print '<!-- Includes for Prototype -->'."\n";
print '<script type="text/javascript" src="'.DOL_URL_ROOT.'/includes/scriptaculous/lib/prototype'.$mini.$ext.'"></script>'."\n";
}
} }
// Output module javascript // Output module javascript