admin/Facilitor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FCLT#54933 Filename injection voorkomen

Browse Source 
svn path=/Website/branches/v2018.1/; revision=39368
This commit is contained in:
Koen Reefman
2018-10-11 14:58:22 +00:00
parent 40889e5c92
commit f9478183f1
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
APPL/CAD/tek_file_save.asp
View File

@@ -34,7 +34,7 @@ if (cad_tek_key > 0)
{
if (file != "")
sql = "UPDATE cad_tekening"
+ " SET cad_tekening_filenaam = " + safe.quoted_sql(file)
+ " SET cad_tekening_filenaam = " + safe.quoted_sql(safe.filename(file))
+ " WHERE cad_tekening_key = " + cad_tek_key;
else
sql = "DELETE FROM cad_tekening"