From 8c3158cf28a6711d61fd8b3dacccc6ad746be8d0 Mon Sep 17 00:00:00 2001
From: Regis Houssin <regis@dolibarr.fr>
Date: Mon, 9 Apr 2012 22:49:19 +0200
Subject: [PATCH] Fix: sql injection

---
 htdocs/admin/tools/export.php     | 2 +-
 htdocs/core/lib/functions.lib.php | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/htdocs/admin/tools/export.php b/htdocs/admin/tools/export.php
index 1b65caf280f..c471e60423e 100644
--- a/htdocs/admin/tools/export.php
+++ b/htdocs/admin/tools/export.php
@@ -127,7 +127,7 @@ if ($what == 'mysql')
     if (! empty($dolibarr_main_db_port)) $param.=" -P ".$dolibarr_main_db_port;
     if (! GETPOST("use_transaction"))    $param.=" -l --single-transaction";
     if (GETPOST("disable_fk"))           $param.=" -K";
-    if (GETPOST("sql_compat") && GETPOST("sql_compat") != 'NONE') $param.=" --compatible=".GETPOST("sql_compat","alpha");
+    if (GETPOST("sql_compat") && GETPOST("sql_compat") != 'NONE') $param.=" --compatible=".GETPOST("sql_compat","special");
     if (GETPOST("drop_database"))        $param.=" --add-drop-database";
     if (GETPOST("sql_structure"))
     {
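Review bot: The new line still splices the request value straight into the command string, and switching the GETPOST filter from "alpha" to "special" only blanks the value when it matches the whitespace/%20 pattern; it does not quote the argument for the shell, so the option is safest as `$param.=" --compatible=".escapeshellarg(GETPOST("sql_compat","special"));`. Since mysqldump accepts only a fixed set of --compatible modes, a stricter fix is to compare the value against an allowlist of those names and append nothing when it is not one of them. The surrounding `if ($what == 'mysql')` block and the point where `$param` is executed lie outside this hunk, so I cannot confirm no other quoting happens there.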
diff --git a/htdocs/core/lib/functions.lib.php b/htdocs/core/lib/functions.lib.php
index 93710e6602d..b5832858353 100644
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@@ -194,6 +194,12 @@ function GETPOST($paramname,$check='',$method=0)
     		// '../' is dangerous because it allows dir transversals
 		    if (preg_match('/"/',$out)) $out='';
 			else if (preg_match('/\.\.\//',$out)) $out='';
+			else if (preg_match('/(\s)*|(%20)*/',$out)) $out='';
+		}
+		elseif ($check == 'special')
+		{
+			$out=trim($out);
+			if (preg_match('/(\s)*|(%20)*/',$out)) $out='';
 		}
 		elseif ($check == 'array')
 		{
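Review bot: The regex `/(\s)*|(%20)*/` added on both new lines matches the empty string, because each alternative is star-quantified and may consume zero characters, so preg_match() returns 1 for every input and both the "alpha" branch and the new "special" branch set `$out` to '' unconditionally; every caller using those checks now gets an empty value back. The intended test is presumably a single whitespace character or an encoded space, which is `/\s|%20/`, so the two lines should read `else if (preg_match('/\s|%20/',$out)) $out='';` and `if (preg_match('/\s|%20/',$out)) $out='';`. The "special" branch also skips the `"` and `../` rejections that the "alpha" branch applies just above it, which looks unintentional for a check meant to be stricter. GETPOST() begins and ends outside this hunk, so the default handling for an empty `$check` is not visible here.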
-- 
GitLab