From 0e299f7166f2e79f7639bb58a05073d06641269f Mon Sep 17 00:00:00 2001
From: DanieL
Date: Tue, 31 Jan 2023 15:54:03 -0300
Subject: [PATCH] https://github.com/WWBN/AVideo/security/advisories/GHSA-pgvh-p3g4-86jw
---
 install/checkConfiguration.php | 2 +-
 objects/security.php | 4 ++--
 updatedb/updateDb.v12.4.sql | 1 +
 3 files changed, 4 insertions(+), 3 deletions(-)
 create mode 100644 updatedb/updateDb.v12.4.sql
diff --git a/install/checkConfiguration.php b/install/checkConfiguration.php
index 482912388a..e2fd2850d7 100644
--- a/install/checkConfiguration.php
+++ b/install/checkConfiguration.php
@@ -4,7 +4,7 @@ if (file_exists("../videos/configuration.php")) {
     exit;
 }
-$installationVersion = "12.3";
+$installationVersion = "12.4";
 error_log("Installation: ".__LINE__." ". json_encode($_POST));
 header('Content-Type: application/json');
diff --git a/objects/security.php b/objects/security.php
index 7ee7338796..e96322a920 100644
--- a/objects/security.php
+++ b/objects/security.php
@@ -80,12 +80,12 @@ foreach ($scanVars as $value) {
     if (!empty($scanThis[$value])) {
         if (is_string($scanThis[$value])) {
             $scanThis[$value] = fixQuotesIfSafari($scanThis[$value]);
-            $scanThis[$value] = str_replace("'", "", trim($scanThis[$value]));
+            $scanThis[$value] = str_replace(array("'","`"), array('', ''), trim($scanThis[$value]));
         } elseif (is_array($scanThis[$value])) {
             foreach ($scanThis[$value] as $key => $value2) {
                 if (is_string($scanThis[$value][$key])) {
                     $scanThis[$value] = fixQuotesIfSafari($scanThis[$value]);
-                    $scanThis[$value][$key] = str_replace("'", "", trim($scanThis[$value][$key]));
+                    $scanThis[$value][$key] = str_replace(array("'","`"), array('', ''), trim($scanThis[$value][$key]));
                 }
             }
         }
diff --git a/updatedb/updateDb.v12.4.sql b/updatedb/updateDb.v12.4.sql
new file mode 100644
index 0000000000..2c2452f197
--- /dev/null
+++ b/updatedb/updateDb.v12.4.sql
@@ -0,0 +1 @@
+UPDATE configurations SET version = '12.4', modified = now() WHERE id = 1;
\ No newline at end of file
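Review bot: The widened `str_replace(array("'","`"), array('', ''), trim(...))` on the two changed lines in objects/security.php is a deny-list that rewrites input globally rather than a fix at the sink: any apostrophe or backtick in legitimate data (names, free text) is silently dropped, and every character outside the list still passes through, so the protection holds only as long as the list is complete. The durable fix is parameterised queries or context-specific escaping wherever `$scanThis` values reach SQL or a shell; if the global scrub stays, the array branch should also handle nested arrays, since the `is_string($scanThis[$value][$key])` check leaves array-valued elements unscrubbed. Two smaller points on the same hunk: `$value2` is never read, and `fixQuotesIfSafari($scanThis[$value])` is re-applied to the whole array on every iteration of the inner foreach, so it could be hoisted to just before that loop (`$scanThis[$value] = fixQuotesIfSafari($scanThis[$value]);` once, then iterate). The enclosing `foreach ($scanVars as $value)` and its `if (!empty(...))` close outside the hunk.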