mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-05 16:27:38 +02:00
Code Issues Releases Wiki Activity

Remove NUL-Bytes directly in request_var() for strings and within the custom DBAL sql_escape() functions (MSSQL, Firebird, Oracle) (reported by AdhostMikeSw)

Browse Source 
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8967 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen
2008-10-02 12:04:12 +00:00
parent ed4797bb4e
commit 2c1d80c75a
6 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
phpBB/includes/functions.php
View File

@@ -32,7 +32,7 @@ function set_var(&$result, $var, $type, $multibyte = false)
if ($type == 'string')
{
$result = trim(htmlspecialchars(str_replace(array("\r\n", "\r"), array("\n", "\n"), $result), ENT_COMPAT, 'UTF-8'));
$result = trim(htmlspecialchars(str_replace(array("\r\n", "\r", "\0"), array("\n", "\n", ''), $result), ENT_COMPAT, 'UTF-8'));
if (!empty($result))
{