admin/Facilitor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FCLT#54901 Computest Pentest 4.2.4

Browse Source 
svn path=/Website/trunk/; revision=39406
This commit is contained in:
Alex Tiehuis
2018-10-15 15:38:08 +00:00
parent 981f1b70fc
commit e3efc26f72
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
APPL/Shared/m_connections.inc
View File

@@ -88,9 +88,16 @@ function SafeExec( sql, catchErrors ) {
else
__Log("Foutcode: " + _LastFacError.faccode + " niet gevonden in fac_message");
}
// only for messages that start with ORA-ddddd:
if (RegExp(/^ORA-\d*:\s/).test(_LastFacError.friendlyMsg)) // prevent hacker-usable ORA- information in friendlyMsg
{
_LastFacError.friendlyMsg = _LastFacError.friendlyMsg.replace(/^ORA-\d*:\s/,"").replace(/\"{1}\w*\.{0,1}\w*\"{1}.{0,1}|\({1}\w*\.{0,1}\w*\){1}.{0,1}/g,"");
// _____________ _____________________________ _____________________________
// remove string "ORA-ddddd: " | | |
// | |
// remove strings with db fields eg "COMP_TEST"."INS_SRTKENMERK"."INS_SRTKENMERKTYPE" | |
// |
// remove strings with constraint/trigger names enclosed in Parentheses eg (INS_T_INS_SRTKENMERK_B_IU) |
}
if (!knownError)
{