diff options
| author | Thomas Steur <tsteur@users.noreply.github.com> | 2019-05-06 00:20:41 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-05-06 00:20:41 +0300 |
| commit | c316594c47c0b52a79f1177dbecf55ef532d64c9 (patch) | |
| tree | 887169649fa8b3e68a85ead08f15481101ac2e5a /core | |
| parent | 36bfbcf6023cfcddee91e9f8050fb0e3e7e45d9b (diff) | |
Fix build for failing integration test purger (#14407)
I added a ctype_xdigit test to 100% prevent injections but then noticed the tests use also some other letters. Could restrict the preg_match to `a-f` but using `A-Z` makes the tests a bit more readable and is as safe
Diffstat (limited to 'core')
| -rw-r--r-- | core/DataAccess/Model.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/core/DataAccess/Model.php b/core/DataAccess/Model.php index fe8c26d598..0af2b2252b 100644 --- a/core/DataAccess/Model.php +++ b/core/DataAccess/Model.php @@ -368,7 +368,7 @@ class Model // segments are md5 hashes and such not a problem re sql injection. for performance etc we don't want to use // bound parameters for the query foreach ($segments as $segment) { - if (!ctype_xdigit($segment)) { + if (!preg_match('/^[a-z0-9A-Z]+$/', $segment)) { throw new Exception($segment . ' expected to be an md5 hash'); } } |