Russ Fish authored · ab1761e5
    When I fixed the regexp in PAGEARG_STRING that checks for quotes, it plugged
    one SQL injection hole, and shifted detection of probes earlier in a lot
    of other pages.  But some inputs that were marked PAGEARG_STRING should
    actually be PAGEARG_ANYTHING, since they're text fields where quotes make
    sense, and are escaped properly in the logic that handles them.
    
      approveproject.php3 - message
      editnodetype.php3 - newattribute_value
      newnodelog.php3 - log_entry
      newosid.php3 - description
      nodecontrol.php3 - startupcmd (node_control strips single-quotes from values.)
nodecontrol.php3 2.49 KB