-
Russ Fish authored
one SQL injection hole, and shifted detection of probes earlier in a lot of other pages. But some inputs that were marked PAGEARG_STRING should actually be PAGEARG_ANYTHING, since they're text fields where quotes make sense, and are escaped properly in the logic that handles them. approveproject.php3 - message editnodetype.php3 - newattribute_value newnodelog.php3 - log_entry newosid.php3 - description nodecontrol.php3 - startupcmd (node_control strips single-quotes from values.)
ab1761e5