summaryrefslogtreecommitdiffstats
path: root/server/bin/addtodhcp
diff options
context:
space:
mode:
authorRamón M. Gómez <ramongomez@us.es>2020-02-18 13:08:26 +0100
committerRamón M. Gómez <ramongomez@us.es>2020-02-18 13:08:26 +0100
commit18eb8d61584b38a2250981b0a9d06c96e7b6e213 (patch)
tree22df03055b68373ed5b9909d1315336e7225b263 /server/bin/addtodhcp
parentb7bed1cadd303dc5e927b8d6c33306171fe8ff12 (diff)
#958: Avoid SQL injection in `addtodhcp` and `listclientlive`.
Diffstat (limited to 'server/bin/addtodhcp')
-rwxr-xr-xserver/bin/addtodhcp2
1 files changed, 1 insertions, 1 deletions
diff --git a/server/bin/addtodhcp b/server/bin/addtodhcp
index 8aa0651b..039de34d 100755
--- a/server/bin/addtodhcp
+++ b/server/bin/addtodhcp
@@ -50,7 +50,7 @@ done
grep -q "^[ ]*\bsubnet\b" $DHCPCONF || raiseError access "Cannot detect any \"group\" clauses in DHCP configuration file"
grep -q "^[ ]*\bgroup\b" $DHCPCONF && raiseError access "Cannot modify DHCP configuration file with \"group\" clauses"
-[ "$*" ] && WHEREEXPR="WHERE $(echo ${*//\'/\'} | sed -e "s/\('[^']*'\)/nombreaula=\1 OR nombreordenador=\1 OR/g")"
+[ "$*" ] && WHEREEXPR="WHERE $(echo ${*//\'/\\\'} | sed -e "s/\('[^']*'\)/nombreaula=\1 OR nombreordenador=\1 OR/g")"
WHEREEXPR="${WHEREEXPR% OR}"
# Looking for data.