diff --git a/ChangeLog b/ChangeLog
index 08577d3eb..db85fca09 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,8 @@ $Source$
 Renato Lins .
 * lib.inc.php3: fixed bug #458009 - Database list with advanced auth., thanks to an anonymous contributor.
+ * db_readdump.php3, lines 101-104: removed non alphabetic characters from
+ the beginning of the sql query submitted.
 2001-09-03 Marc Delisle
 * lang/swedish.inc.php3 updates, thanks to Björn T. Hallberg
diff --git a/db_readdump.php3 b/db_readdump.php3
index 5e1ed7c17..32d2b4a76 100755
--- a/db_readdump.php3
+++ b/db_readdump.php3
@@ -98,7 +98,10 @@ if ($sql_query != '') {
 // Only one query to run
 if ($pieces_count == 1 && !empty($pieces[0]) && $view_bookmark == 0) {
- $sql_query = trim($pieces[0]);
+ // loic1: remove non alphabetic characters from the beginning of the
+ // query
+ // $sql_query = trim($pieces[0]);
+ $sql_query = eregi_replace('^[^a-aA-Z]', '', $pieces[0]);
 // sql.php3 will stripslash the query if get_magic_quotes_gpc
 if (get_magic_quotes_gpc() == 1) {
 $sql_query = addslashes($sql_query);
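Review bot: The pattern `'^[^a-aA-Z]'` on the new `eregi_replace` line in db_readdump.php3 has the range `a-a`, which looks like a typo for `a-z`; it appears to work only because `eregi_replace` matches case-insensitively, and with no `+` it removes a single leading character rather than the "characters" the comment and ChangeLog describe. Replacing `trim()` instead of wrapping it also means trailing whitespace is no longer stripped before the query is passed on. I would write `$sql_query = eregi_replace('^[^a-z]+', '', trim($pieces[0]));`. Because this silently rewrites the submitted SQL, the comment should state which leading bytes it is meant to drop: a query that begins with `(` or with a comment marker such as `#` or `--` is altered by it, and in the comment case the remaining text may be sent to the server as live SQL. The enclosing `if` block starts and ends outside the hunk.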