one more level of defense against user himself

2025-12-06 20:51:31 +00:00 · 2012-01-07 17:16:14 +00:00
parent a675c88894
commit 2b5e429dc2
2 changed files with 7 additions and 3 deletions
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -373,6 +373,9 @@ ITOA64 = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
 # Chars used to quickly distinguish if the user provided tainted parameter values
 DUMMY_SQL_INJECTION_CHARS = ";()'"

+# Simple check against dummy users
+DUMMY_USER_INJECTION = "(?i)[^\w](AND|OR)\s+[^\s]+[=><]"
+
 # Extensions skipped by crawler
 CRAWL_EXCLUDE_EXTENSIONS = ("gif","jpg","jar","tif","bmp","war","ear","mpg","wmv","mpeg","scm","iso","dmp","dll","cab","so","avi","bin","exe","iso","tar","png","pdf","ps","mp3","zip","rar","gz")