Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Prevent auth bypass with PostgreSQL connections
Thanks to Emmet Leahy of Sorcery Ltd for reporting this vulnerability
(CVE-2021-3850).

This is a minimalistic approach to patch the issue, to reduce the risk
of causing regressions in the legacy stable branch.

Fixes #793
  • Loading branch information
dregad committed Jan 16, 2022
1 parent 66fb9e5 commit 952de6c
Showing 1 changed file with 0 additions and 1 deletion.
1 change: 0 additions & 1 deletion drivers/adodb-postgres64.inc.php
Expand Up @@ -51,7 +51,6 @@ function adodb_addslashes($s)
{
$len = strlen($s);
if ($len == 0) return "''";
if (strncmp($s,"'",1) === 0 && substr($s,$len-1) == "'") return $s; // already quoted

return "'".addslashes($s)."'";
}
Expand Down

0 comments on commit 952de6c

Please sign in to comment.