fix Filter sanitize string deprecated CORE #81

Fernando Ontiveros
2025-04-09 03:26:11 +00:00
parent 9ad5ead4bd
commit 16d3ddafba
2 changed files with 4 additions and 4 deletions


@@ -602,13 +602,13 @@ class InputFilter
} }
break; break;
case 'nosql': case 'nosql':
$value = (string)filter_var($value, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH); $value = htmlspecialchars(trim($value), ENT_QUOTES, 'UTF-8');
if (preg_match('/\b(or|and|xor|drop|insert|update|delete|select)\b/i', $value, $matches, PREG_OFFSET_CAPTURE)) { if (preg_match('/\b(or|and|xor|drop|insert|update|delete|select)\b/i', $value, $matches, PREG_OFFSET_CAPTURE)) {
$value = substr($value, 0, $matches[0][1]); $value = substr($value, 0, $matches[0][1]);
} }
break; break;
default: default:
$value = (string)filter_var($value, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW); $value = htmlspecialchars(trim($value), ENT_QUOTES, 'UTF-8');
} }
return $value; return $value;
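Review bot: The new `htmlspecialchars(trim($value), ENT_QUOTES, 'UTF-8')` on the `case 'nosql':` and `default:` lines is not equivalent to the removed filter. `FILTER_FLAG_STRIP_LOW` / `FILTER_FLAG_STRIP_HIGH` are gone, so control bytes (including NUL) and bytes above 127 now pass through; tags are encoded rather than stripped, and `&` is now encoded as well. Without `ENT_SUBSTITUTE` the call returns an empty string on invalid UTF-8, and `trim()` throws a TypeError on an array where `(string)filter_var(...)` used to yield `''`. For the `nosql` branch I would keep the stripping explicit: `$value = is_scalar($value) ? trim((string)$value) : '';` followed by `$value = htmlspecialchars(preg_replace('/[\x00-\x1F\x80-\xFF]/', '', $value), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The enclosing method starts and ends outside the hunk, so the possible types of `$value` are an assumption; HTML encoding plus the keyword cut-off is not SQL escaping, and callers should still bind parameters.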


@@ -726,8 +726,8 @@ class InstallerModule extends Controller
$dbText .= sprintf(" define ('DB_REPORT_USER', '%s' );\n", $wfGrantUser); $dbText .= sprintf(" define ('DB_REPORT_USER', '%s' );\n", $wfGrantUser);
$dbText .= sprintf(" define ('DB_REPORT_PASS', '%s' );\n", $wfPass); $dbText .= sprintf(" define ('DB_REPORT_PASS', '%s' );\n", $wfPass);
$requestFlag = $_REQUEST['PARTNER_FLAG']; $requestFlag = $_REQUEST['PARTNER_FLAG'] ?? null;
if (defined('PARTNER_FLAG') || isset($requestFlag)) { if (defined('PARTNER_FLAG') || $requestFlag !== null) {
$dbText .= "\n"; $dbText .= "\n";
$dbText .= " define ('PARTNER_FLAG', " . (defined('PARTNER_FLAG') ? PARTNER_FLAG : (isset($requestFlag) ? $requestFlag : 'false') ) . ");\n"; $dbText .= " define ('PARTNER_FLAG', " . (defined('PARTNER_FLAG') ? PARTNER_FLAG : (isset($requestFlag) ? $requestFlag : 'false') ) . ");\n";
if (!empty($this->systemName)) { if (!empty($this->systemName)) {
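Review bot: `$requestFlag` is still the raw `$_REQUEST['PARTNER_FLAG']` value, and the unchanged line below it concatenates that value unquoted into the generated `define ('PARTNER_FLAG', ...)` statement, so request data becomes PHP source in the config text being built. The `?? null` change only removes the undefined-index notice. I would constrain the value to a boolean literal at the assignment, e.g. `$requestFlag = isset($_REQUEST['PARTNER_FLAG']) ? (filter_var($_REQUEST['PARTNER_FLAG'], FILTER_VALIDATE_BOOLEAN) ? 'true' : 'false') : null;`. That same `define` line also still tests `isset($requestFlag)` while the condition above it was switched to `!== null`. The enclosing method starts and ends outside the hunk, so where `$dbText` is written and how `$wfGrantUser` / `$wfPass` are validated is not visible here.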