Commit

Fix SQL injection sanitize all $_REQUEST keys
francoisjacquet committed Apr 23, 2022
1 parent 81fd18d commit a06112e
Showing 2 changed files with 8 additions and 4 deletions.
4 changes: 4 additions & 0 deletions CHANGES.md
@@ -1,6 +1,10 @@
# CHANGES
## RosarioSIS Student Information System

Changes in 8.9.4
----------------
- Fix SQL injection sanitize all `$_REQUEST` keys in Warehouse.php, thanks to @nhienit2010

Changes in 8.9.3
----------------
- Fix stored XSS security issue: do not allow unsanitized SVG in FileUpload.fnc.php, thanks to @scgajge12 & @crowdoverflow
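Review bot: The 8.9.4 entry runs the issue and the fix together ("Fix SQL injection sanitize all ..."), while the 8.9.3 entry below it separates them with a colon; write it as "Fix SQL injection: sanitize all `$_REQUEST` keys in Warehouse.php" to match. Naming the changed function, `array_rwalk()`, in the entry would also make the fix easier to locate.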
8 changes: 4 additions & 4 deletions Warehouse.php
Expand Up @@ -191,11 +191,11 @@ function array_rwalk( &$array, $function )
if ( is_array( $array[$key[$i]] ) )
{
array_rwalk( $array[$key[$i]], $function );

continue;
}

$array[$key[$i]] = $function( $array[$key[$i]] );
else
{
$array[$key[$i]] = $function( $array[$key[$i]] );
}

// Key is also passed through $function function.
$fkey = $function( $key[$i] );
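Review bot: The handling of `$fkey` for array-valued entries needs checking: in `array_rwalk()`, with the `continue;` after the recursive call gone, a nested array now reaches `$fkey = $function( $key[$i] );`, and the code that acts on `$fkey` lies below the visible context. Please confirm that it moves the whole nested array to the sanitized key when `$fkey` differs from `$key[$i]`, and that the case where the sanitized key collides with an existing key is handled deliberately. The comment "Key is also passed through $function function." could state that this now covers keys whose value is an array, and a regression test with a nested request array whose key contains a quote would pin the behaviour down.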