(cp 0649ad3) fixes #1924 protect API user input from SQL injections

This commit is contained in:
plegall
2023-05-29 12:26:51 +02:00
parent 7c1a1afc2d
commit 249bb6c932
4 changed files with 13 additions and 0 deletions
+5
View File
@@ -15,6 +15,11 @@
*/
function ws_groups_getList($params, &$service)
{
if (!preg_match(PATTERN_ORDER, $params['order']))
{
return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid input parameter order');
}
$where_clauses = array('1=1');
if (!empty($params['name']))
+5
View File
@@ -29,6 +29,11 @@ function ws_users_getList($params, &$service)
{
global $conf;
if (!preg_match(PATTERN_ORDER, $params['order']))
{
return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid input parameter order');
}
$where_clauses = array('1=1');
if (!empty($params['user_id']))