oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

disabled write actions in SQL macro for security reasons

Browse source
This commit is contained in:
JT Smith 2003-07-01 23:55:45 +00:00
parent 5788df76a8
commit 2c7576bdad
3 changed files with 25 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

2
lib/WebGUI/Wobject/SQLReport.pm
View file

@ -185,7 +185,7 @@ sub www_view {
WebGUI::ErrorHandler::warn("SQLReport [".$_[0]->get("wobjectId")."] The DSN specified is of an improper format.");
}
if (defined $dbh) {
if ($query =~ /select/i || $query =~ /show/i || $query =~ /describe/i) {
if ($query =~ /^select/i || $query =~ /^show/i || $query =~ /^describe/i) {
$sth = WebGUI::SQL->unconditionalRead($query,$dbh);
unless ($sth->errorCode < 1) {
$errorMessage = $sth->errorMessage;