author | Maurício Meneghini Fauth <mauricio@fauth.dev> | 2020-03-05 23:34:49 +0300 |
---|---|---|
committer | Maurício Meneghini Fauth <mauricio@fauth.dev> | 2020-03-05 23:34:49 +0300 |
commit | 6b9b2601d8af916659cde8aefd3a6eaadd10284a (patch) | |
tree | f7e5485cb9c5d0608d40c1d2a4c697b867f69be9 /tbl_get_field.php | |
parent | 09c89bab7518dea609f45df15a0cdfcc7dc3f525 (diff) |
Add where_clause check in tbl_get_field.php
Signed-off-by: Maurício Meneghini Fauth <mauricio@fauth.dev>
Diffstat (limited to 'tbl_get_field.php')
-rw-r--r-- | tbl_get_field.php | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/tbl_get_field.php b/tbl_get_field.php
index 975102790b..1141fb04d6 100644
--- a/tbl_get_field.php
+++ b/tbl_get_field.php
@@ -38,6 +38,14 @@ if (!$GLOBALS['dbi']->getColumns($db, $table)) {
 PhpMyAdmin\Util::mysqlDie(__('Invalid table name'));
 }

+if (! isset($_GET['where_clause'])
+ || ! isset($_GET['where_clause_sign'])
+ || ! Core::checkSqlQuerySignature($_GET['where_clause'], $_GET['where_clause_sign'])
+) {
+ Core::fatalError(__('There is an issue with your request.'));
+ exit;
+}
+
 /* Grab data */
 $sql = 'SELECT ' . PhpMyAdmin\Util::backquote($_GET['transform_key'])
 . ' FROM ' . PhpMyAdmin\Util::backquote($table) |
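Review bot: `isset()` is also true for array-valued parameters, so a request carrying `where_clause[]=…` passes the first two conditions of the added guard and hands a non-string to `Core::checkSqlQuerySignature()`, whose handling of that case is not visible here; I would add `|| ! is_string($_GET['where_clause'])` and `|| ! is_string($_GET['where_clause_sign'])` ahead of the signature call so the request is rejected on type alone. The signature covers only `where_clause`, while `$_GET['transform_key']` in the `SELECT` just below still relies on `PhpMyAdmin\Util::backquote()` alone, which deserves a comment such as `// transform_key is not signed; it is only identifier-quoted`. `Core::` is written unqualified where the neighbouring lines use `PhpMyAdmin\Util::`, so the check depends on a `use PhpMyAdmin\Core;` import that lies outside the hunk. The `$sql` statement continues past the end of the hunk, so how `where_clause` is used after verification cannot be confirmed from here.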