fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

PM-1918

Browse Source 
La instalacion de PM se queda congelada debido a las correcciones a las injecciones SQL y XSS

error de sintaxis
This commit is contained in:
marcelo.cuiza
2015-03-23 18:44:23 -04:00
parent 4256226ad4
commit 871440a7df
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
workflow/engine/controllers/installer.php
View File

@@ -1285,7 +1285,7 @@ class Installer extends Controller
} }
$db_username = $filter->validateInput($db_username, 'nosql'); $db_username = $filter->validateInput($db_username, 'nosql');
$db_hostname = $filter->validateInput($db_hostname, 'nosql'); $db_hostname = $filter->validateInput($db_hostname, 'nosql');
$query = "SELECT * FROM `information_schema`.`USER_PRIVILEGES` where (GRANTEE = \"'%s'@'%s'\" OR GRANTEE = \"'%s'@'%'\") "; $query = "SELECT * FROM `information_schema`.`USER_PRIVILEGES` where (GRANTEE = \"'%s'@'%s'\" OR GRANTEE = \"'%s'@'%%'\") ";
$query = $filter->preventSqlInjection($query, array($db_username, $db_hostname, $db_username)); $query = $filter->preventSqlInjection($query, array($db_username, $db_hostname, $db_username));
$res = @mysql_query( $query, $link ); $res = @mysql_query( $query, $link );
$row = @mysql_fetch_array( $res ); $row = @mysql_fetch_array( $res );