
secfilter: fix w_check_sqli(). Character '#' could be used in a URI header. Its use should not be considered an SQL injection attack

Jose Luis Verdeguer, 6 years ago
Parent
Current commit
f47bd8b8c4
1 file changed, 1 insertion and 1 deletion
  src/modules/secfilter/secfilter.c (+1 -1)

+1 -1 src/modules/secfilter/secfilter.c

@@ -265,7 +265,7 @@ static int w_check_sqli(str val)
 	memcpy(cval, val.s, val.len);
 	memcpy(cval, val.s, val.len);
 
 
 	if(strstr(cval, "'") || strstr(cval, "\"") || strstr(cval, "--")
 	if(strstr(cval, "'") || strstr(cval, "\"") || strstr(cval, "--")
-			|| strstr(cval, "#") || strstr(cval, "%27") || strstr(cval, "%24")
+			|| strstr(cval, "%27") || strstr(cval, "%24")
 			|| strstr(cval, "%60")) {
 			|| strstr(cval, "%60")) {
 		/* Illegal characters found */
 		/* Illegal characters found */
 		res = -1;
 		res = -1;
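Review bot: Dropping the `#` test leaves the remaining blacklist inconsistent in the same way the commit message objects to: the hunk still flags a literal `"` but never its encoded form `%22`, while it flags both `'` and `%27`, and it flags `%24` and `%60` without their literal `$` and `` ` `` counterparts. If `#` was too common in legitimate URI headers to be a useful SQLi signal, the same reasoning should be applied to the rest of the list, and the module documentation should state which characters w_check_sqli() now rejects so operators are not surprised that `#` passes. Separately, the visible lines do `memcpy(cval, val.s, val.len)` and then run `strstr()` over `cval`; that only works if the buffer is NUL-terminated, and the allocation is outside this hunk, so please confirm `cval` is allocated with `val.len + 1` bytes and terminated before the `strstr` calls. Minor style point: the single-character tests (`'`, `"`) would read more clearly as `strchr()`.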