From e998dd2f9cbfe2957484caee79bed2abc0762ec4 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Jan=20B=C3=BCren?=
Date: Wed, 14 Oct 2015 14:59:13 +0200
Subject: [PATCH] =?utf8?q?3.=20=C3=9Cberarbeitung=20Pr=C3=BCfen=20beim=20S?= =?utf8?q?peichern,=20ob=20Dokument=20ge=C3=A4ndert=20ist?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Verbesserte Regex für API-Aufruf. Gorash Code-QS. Abfangen von SQL-Injections auf API-Ebene (100%)
---
 SL/Form.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/SL/Form.pm b/SL/Form.pm
index 2d4bbd8c9..099a6736e 100644
--- a/SL/Form.pm
+++ b/SL/Form.pm
@@ -2607,7 +2607,7 @@ sub mtime_ischanged {
 my ($self, $table, $option) = @_;
 return unless $self->{id};
- croak ("wrong call, no valid table defined") unless $table =~ /(oe|ar|ap|delivery_orders|parts)/;
+ croak ("wrong call, no valid table defined") unless $table =~ /^(oe|ar|ap|delivery_orders|parts)$/;
 my $query = "SELECT mtime, itime FROM " . $table . " WHERE id = ?";
 my $ref = selectfirst_hashref_query($self, $self->get_standard_dbh, $query, $self->{id});
--
2.20.1
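Review bot: The anchors added to the `croak` guard are `^…$`, and in Perl `$` also matches just before a trailing newline, so a `$table` value of `"oe\n"` still passes and is concatenated into `$query`. A trailing newline is only whitespace to the SQL parser, so the practical impact looks small, but the check does not yet pin the value to exactly the five table names as the commit message claims. Use string anchors instead: `croak ("wrong call, no valid table defined") unless $table =~ /\A(?:oe|ar|ap|delivery_orders|parts)\z/;`. A comment above it such as `# allowlist: $table is interpolated into the SQL below and must equal a known table name` would keep a later edit from loosening the pattern again. The body of mtime_ischanged continues outside the hunk.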