Skip to content

Commit 952de6c

Browse files
committed
Prevent auth bypass with PostgreSQL connections
Thanks to Emmet Leahy of Sorcery Ltd for reporting this vulnerability (CVE-2021-3850). This is a minimalistic approach to patch the issue, to reduce the risk of causing regressions in the legacy stable branch. Fixes #793
1 parent 66fb9e5 commit 952de6c

File tree

1 file changed

+0
-1
lines changed

1 file changed

+0
-1
lines changed

Diff for: drivers/adodb-postgres64.inc.php

-1
Original file line numberDiff line numberDiff line change
@@ -51,7 +51,6 @@ function adodb_addslashes($s)
5151
{
5252
$len = strlen($s);
5353
if ($len == 0) return "''";
54-
if (strncmp($s,"'",1) === 0 && substr($s,$len-1) == "'") return $s; // already quoted
5554

5655
return "'".addslashes($s)."'";
5756
}

0 commit comments

Comments
 (0)