author | Ramón M. Gómez <ramongomez@us.es> | 2020-02-18 13:08:26 +0100 |
---|---|---|
committer | Ramón M. Gómez <ramongomez@us.es> | 2020-02-18 13:08:26 +0100 |
commit | 18eb8d61584b38a2250981b0a9d06c96e7b6e213 (patch) | |
tree | 22df03055b68373ed5b9909d1315336e7225b263 /server/bin/addtodhcp | |
parent | b7bed1cadd303dc5e927b8d6c33306171fe8ff12 (diff) |
#958: Avoid SQL injection in `addtodhcp` and `listclientlive`.
Diffstat (limited to 'server/bin/addtodhcp')
-rwxr-xr-x | server/bin/addtodhcp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/server/bin/addtodhcp b/server/bin/addtodhcp
index 8aa0651b..039de34d 100755
--- a/server/bin/addtodhcp
+++ b/server/bin/addtodhcp
@@ -50,7 +50,7 @@ done
 grep -q "^[ ]*\bsubnet\b" $DHCPCONF || raiseError access "Cannot detect any \"group\" clauses in DHCP configuration file"
 grep -q "^[ ]*\bgroup\b" $DHCPCONF && raiseError access "Cannot modify DHCP configuration file with \"group\" clauses"
-[ "$*" ] && WHEREEXPR="WHERE $(echo ${*//\'/\'} | sed -e "s/\('[^']*'\)/nombreaula=\1 OR nombreordenador=\1 OR/g")"
+[ "$*" ] && WHEREEXPR="WHERE $(echo ${*//\'/\\\'} | sed -e "s/\('[^']*'\)/nombreaula=\1 OR nombreordenador=\1 OR/g")"
 WHEREEXPR="${WHEREEXPR% OR}"
 # Looking for data. |
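Review bot: The new expansion `${*//\'/\\\'}` on the `[ "$*" ]` line escapes single quotes but leaves backslashes already in an argument untouched, so a backslash directly before a quote combines with the added one and the quote is unescaped again. The escaping also only holds while the database honours backslash escapes. The `sed` pattern `'[^']*'` that follows still stops at the first `'`, including one that was just escaped, and because the expansion is unquoted it goes through word splitting and globbing before `echo` sees it. I would reject unexpected characters before the clause is built, in a loop over `"$@"`: `[[ $name =~ ^[[:alnum:]_.-]+$ ]] || raiseError <error-class> "Invalid name: $name"`, with the character class adjusted to the naming scheme in use. Failing that, escape backslashes before quotes. How `$WHEREEXPR` reaches the database is outside this hunk, so the SQL impact is inferred from the commit title.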