Diverse SQL-Injection Lücken geschlossen

Andreas Österreicher
2014-12-01 10:07:21 +00:00
parent 9325ebecbf
commit f670f45d2f
87 changed files with 4310 additions and 2015 deletions
+3 -3
@@ -633,11 +633,11 @@ class dms extends basis_db
public function search($suchstring)
{
$qry = "SELECT * FROM campus.tbl_dms JOIN campus.tbl_dms_version USING(dms_id)
WHERE lower(name) like lower('%".addslashes($suchstring)."%')
OR lower(beschreibung) like lower('%".addslashes($suchstring)."%')
WHERE lower(name) like lower('%".$this->db_escape($suchstring)."%')
OR lower(beschreibung) like lower('%".$this->db_escape($suchstring)."%')
";
if (is_numeric($suchstring))
$qry.= "OR dms_id = ".addslashes($suchstring)."";
$qry.= "OR dms_id = ".$this->db_escape($suchstring)."";
$qry.=";";