
Commit fc0a1c8

author
Marius Cramer
committed
- fixed sql injection regex
1 parent f9529b3 commit fc0a1c8


1 file changed

+1
-1
lines changed


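--- a/interface/lib/classes/db_mysql.inc.php
+++ b/interface/lib/classes/db_mysql.inc.php
@@ -138,7 +138,7 @@ private function securityScan($string) {
 $chars = array(';', '#', '/*', '*/', '--', ' UNION ', '\\\'', '\\"');
 
 $string = str_replace('\\\\', '', $string);
-$string = preg_replace('/(^|[^\\\])([\'"])(.*?[^\\\])\\2/is', '$1', $string);
+$string = preg_replace('/(^|[^\\\])([\'"])(.*?[^\\\]?)\\2/is', '$1', $string);
 $ok = true;
 
 if(substr_count($string, "`") % 2 != 0 || substr_count($string, "'") % 2 != 0 || substr_count($string, '"') % 2 != 0) {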
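Review bot: Making the last class optional in the new `preg_replace` pattern (`[^\\\]?`) removes the guarantee that the character before the closing quote is not a backslash: with the `s` flag the lazy `.*?` can itself end on a backslash, so `\\2` may now match an escaped quote and close the literal early. The scanner's view of where a string literal ends can then differ from MySQL's, which risks both false alarms from the quote-parity check and, more seriously, text that MySQL treats as outside a literal being stripped before the `$chars` scan. Empty literals can be accepted without losing the escape handling by consuming escape pairs explicitly, something like `$string = preg_replace('/(^|[^\\\\])([\'"])((?:\\\\.|(?!\\2)[^\\\\])*)\\2/is', '$1', $string);` (untested against the rest of the function). securityScan's body continues outside this hunk, so how `$ok` and `$chars` are used afterwards is not visible here; a short comment above the line stating which literal forms the pattern is meant to strip would also help the next reader.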
