fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix Filter sanitize string deprecated CORE #81

Browse Source
This commit is contained in:
Fernando Ontiveros
2025-04-09 03:26:11 +00:00
parent 9ad5ead4bd
commit 16d3ddafba
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
gulliver/system/class.inputfilter.php
View File

@@ -602,13 +602,13 @@ class InputFilter
}
break;
case 'nosql':
$value = (string)filter_var($value, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
$value = htmlspecialchars(trim($value), ENT_QUOTES, 'UTF-8');
if (preg_match('/\b(or|and|xor|drop|insert|update|delete|select)\b/i', $value, $matches, PREG_OFFSET_CAPTURE)) {
$value = substr($value, 0, $matches[0][1]);
}
break;
default:
$value = (string)filter_var($value, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
$value = htmlspecialchars(trim($value), ENT_QUOTES, 'UTF-8');
}
return $value;

4
workflow/engine/controllers/InstallerModule.php
View File

@@ -726,8 +726,8 @@ class InstallerModule extends Controller
$dbText .= sprintf(" define ('DB_REPORT_USER', '%s' );\n", $wfGrantUser);
$dbText .= sprintf(" define ('DB_REPORT_PASS', '%s' );\n", $wfPass);
$requestFlag = $_REQUEST['PARTNER_FLAG'];
if (defined('PARTNER_FLAG') || isset($requestFlag)) {
$requestFlag = $_REQUEST['PARTNER_FLAG'] ?? null;
if (defined('PARTNER_FLAG') || $requestFlag !== null) {
$dbText .= "\n";
$dbText .= " define ('PARTNER_FLAG', " . (defined('PARTNER_FLAG') ? PARTNER_FLAG : (isset($requestFlag) ? $requestFlag : 'false') ) . ");\n";
if (!empty($this->systemName)) {