Fixed for sql injection
4tikhonov committed Jan 14, 2015
1 parent 592d445 commit 8bdb6fc
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions scripts/etl/custom_import.pl
Expand Up @@ -31,8 +31,8 @@
my $str = $_;
# Prevention from sql injection
$sqlinjection = 0;
$sqlinjection++ if ($str=~/(drop\s+all|drop\s+table)/sxi);
$sqlinjection++ if ($str=~/(alter|create)\s+table/sxi);
$sqlinjection++ if ($str=~/(drop.+all|drop.+table)/sxi);
$sqlinjection++ if ($str=~/(alter|create).+table/sxi);
$sqlinjection++ if ($str=~/^select/sxi);
exit(0) if ($sqlinjection);
if ($str!~/^\".+?\"/)
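Review bot: The keyword checks on `$str` are still a denylist, and the `.+` patterns (taken here to be the new side, since the page prints old and new lines without markers) widen it without completing it. Under `/s`, `drop.+table` and `(alter|create).+table` match any input where the first word appears anywhere before "table", even several lines apart, so ordinary data can trip the check, while other statement types and a `select` that is not at the very start of the string are not counted at all. The durable fix is where the value reaches the database, which is outside this hunk: if that goes through DBI, pass the value as a bound parameter (`?` in `prepare`, value in `execute`) instead of filtering text. Separately, `exit(0) if ($sqlinjection);` ends the import with a success status and no message, so a rejected input looks like a clean run; `die "custom_import: rejected suspicious input\n" if ($sqlinjection);` would give a non-zero exit and a log line for whoever monitors the job.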