Changeset 988 for branches/branch-1_5/include/functions_category.inc.php

Timestamp:

Dec 25, 2005, 11:34:44 PM (18 years ago)

Author:

plg

Message:

bug 246 fixed : GET parameter "search" is not completely checked before
usage in SQL queries. Simple check : if a ";" if found, execution stops.

File:

• branches/branch-1_5/include/functions_category.inc.php (modified) (1 diff)

branches/branch-1_5/include/functions_category.inc.php

@@ -382 +382 @@
       if ( $page['cat'] == 'search' )
       {
+        // SQL injection hacking attempt?
+        if (strpos($_GET['search'], ';') !== false)
+        {
+          die('Hacking attempt on "search" GET parameter');
+        }
+        
         // analyze search string given in URL (created in search.php)
         $tokens = explode('|', $_GET['search']);