diff options
author | Fernando ApesteguĂa <fernape@FreeBSD.org> | 2021-04-27 07:17:30 +0000 |
---|---|---|
committer | Fernando ApesteguĂa <fernape@FreeBSD.org> | 2021-04-27 13:45:53 +0000 |
commit | f9372d01e096cb391b3ebc5cd69d7bebd640b5e9 (patch) | |
tree | dbf667639afb3145a93935a44a3bcb191a1cde63 /www/hiawatha | |
parent | dd0399efb00ed11ec8f58f8f457719cd68e5b379 (diff) | |
download | ports-f9372d01e096cb391b3ebc5cd69d7bebd640b5e9.tar.gz ports-f9372d01e096cb391b3ebc5cd69d7bebd640b5e9.zip |
Diffstat (limited to 'www/hiawatha')
-rw-r--r-- | www/hiawatha/files/patch-src_session.c | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/www/hiawatha/files/patch-src_session.c b/www/hiawatha/files/patch-src_session.c new file mode 100644 index 000000000000..f095434683f9 --- /dev/null +++ b/www/hiawatha/files/patch-src_session.c @@ -0,0 +1,27 @@ +--- src/session.c.orig 2021-04-27 07:15:50 UTC ++++ src/session.c +@@ -33,15 +33,15 @@ + static const struct { + const char *text; + } sqli_detection[] = { +- {"'\\s*(;\\s*)?--(\\s|')"}, +- {"\\s+(and|or|xor|&&|\\|\\|)\\s*\\(?\\s*('|[0-9]|`?[a-z\\._-]+`?\\s*(=|like)|[a-z]+\\s*\\()"}, +- {"\\s+(not\\s+)?in\\s*\\(\\s*['0-9]"}, +- {"union(\\s+all)?(\\s*\\(\\s*|\\s+)select(`|\\s)"}, +- {"select(\\s*`|\\s+)(\\*|[a-z0-9_\\, ]*)(`\\s*|\\s+)from(\\s*`|\\s+)[a-z0-9_\\.]*"}, +- {"insert\\s+into(\\s*`|\\s+).*(`\\s*|\\s+)(values\\s*)?\\(.*\\)"}, +- {"update(\\s*`|\\s+)[a-z0-9_\\.]*(`\\s*|\\s+)set(\\s*`|\\s+).*="}, +- {"delete\\s+from(\\s*`|\\s+)[a-z0-9_\\.]*`?"}, +- {"extractvalue\\s*\\(\\s*[0-9'\"@]"}, ++ {"'[[:space:]]*(;[[:space:]]*)?--([[:space:]]|')"}, ++ {"[[:space:]]+(and|or|xor|&&|\\|\\|)[[:space:]]*\\(?[[:space:]]*('|[0-9]|`?[a-z\\._-]+`?[[:space:]]*(=|like)|[a-z]+[[:space:]]*\\()"}, ++ {"[[:space:]]+(not[[:space:]]+)?in[[:space:]]*\\([[:space:]]*['0-9]"}, ++ {"union([[:space:]]+all)?([[:space:]]*\\([[:space:]]*|[[:space:]]+)select(`|[[:space:]])"}, ++ {"select([[:space:]]*`|[[:space:]]+)(\\*|[a-z0-9_\\, ]*)(`[[:space:]]*|[[:space:]]+)from([[:space:]]*`|[[:space:]]+)[a-z0-9_\\.]*"}, ++ {"insert[[:space:]]+into([[:space:]]*`|[[:space:]]+).*(`[[:space:]]*|[[:space:]]+)(values[[:space:]]*)?\\(.*\\)"}, ++ {"update([[:space:]]*`|[[:space:]]+)[a-z0-9_\\.]*(`[[:space:]]*|[[:space:]]+)set([[:space:]]*`|[[:space:]]+).*="}, ++ {"delete[[:space:]]+from([[:space:]]*`|[[:space:]]+)[a-z0-9_\\.]*`?"}, ++ {"extractvalue[[:space:]]*\\([[:space:]]*[0-9'\"@]"}, + {NULL} + }; + |