fix sql injection issue
dleffler committed Apr 27, 2020
1 parent ebdc39b commit 67a9c2f
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions framework/modules/eaas/controllers/eaasController.php
Expand Up @@ -80,6 +80,8 @@ public function api() {
$ar->send(); //FIXME this doesn't seem to work correctly in this scenario
} else {
$key = expUnserialize(base64_decode(urldecode($this->params['apikey'])));
preg_match('/[^a-zA-Z_][^a-zA-Z0-9_]*/', $key, $matches);
$key = $matches[0];
$cfg = new expConfig($key);
$this->config = $cfg->config;
if(empty($cfg->id)) {
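Review bot: Both character classes in the added `preg_match` are negated, so the two new lines set `$key` to the first run of characters that are not identifier characters, which keeps what the fix presumably means to strip; when the value holds only letters and underscores nothing matches and `$matches[0]` is undefined. The return value of `preg_match` is never checked and the pattern is unanchored, so the value reaching `new expConfig($key)` is not validated at all. I would validate the whole string and refuse anything else, e.g. `if (!is_string($key) || preg_match('/\A[a-zA-Z_][a-zA-Z0-9_]*\z/', $key) !== 1) { /* report the error as this controller does elsewhere */ }`, and ideally have expConfig bind the value as a query parameter (its query code is not visible here). Separately, the context line above feeds the request's `apikey` to `expUnserialize`; if that helper wraps PHP `unserialize()`, untrusted data is deserialized before any check runs, and a plain string or `json_decode` would be safer. `api()` begins and ends outside the hunk.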
