emulab / emulab-devel
Commit 377ce67b, authored Mar 28, 2007 by Russ Fish
Add the probe catcher, harmless if not probing.
parent 37a342a1
www/dbdefs.php3.in
...
...
@@ -648,6 +648,19 @@ function DBQuery($query)
global
$DBErrorString
;
global
$DBlinkid
;
# Support for SQL-injection vulnerability checking. Labeled probe strings
# should be caught in page input argument checking before they get here.
$lbl
=
strpos
(
$query
,
"**{"
);
if
(
$lbl
!==
FALSE
)
{
$end
=
strpos
(
$query
,
"}**"
)
+
3
;
# Look for a preceeding single quote, and see if it's backslashed.
if
(
substr
(
$query
,
$lbl
-
1
,
1
)
==
"'"
)
{
$lbl
--
;
if
(
substr
(
$query
,
$lbl
-
1
,
1
)
==
'\\'
)
$lbl
--
;
}
USERERROR
(
"Probe label: "
.
substr
(
$query
,
$lbl
,
$end
-
$lbl
),
1
);
}
$result
=
mysql_query
(
$query
,
$DBlinkid
);
if
(
!
$result
)
{
...
...
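Review bot: The closing-marker lookup `$end = strpos($query, "}**") + 3;` is used without checking the result. When the query contains "**{" but no "}**", strpos returns FALSE, $end becomes 3, and once $lbl is past offset 3 the length `$end - $lbl` handed to substr is negative, which PHP treats as "stop that many characters before the end of the string", so the USERERROR message carries an arbitrary slice of the query instead of the probe label. The search also starts at offset 0 rather than at $lbl, so a "}**" that occurs earlier in the query is matched first, with the same effect. Suggest passing $lbl as the third argument to that strpos call, testing the result with `!== FALSE` before adding 3, and reporting a fixed-length prefix from $lbl when no closer is found. The quote check has a related edge: when $lbl is 0, `substr($query, $lbl-1, 1)` reads the last character of the query rather than a preceding one, so guard it with $lbl > 0.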