added protection mechanism against reflected values

Miroslav Stampar
2011-02-24 16:52:46 +00:00
parent 38dc82e13e
commit 708ddf5608
2 changed files with 12 additions and 0 deletions


@@ -265,3 +265,6 @@ MYSQL_ERROR_CHUNK_LENGTH = 50
# Do not unescape the injected statement if it contains any of the following SQL words
EXCLUDE_UNESCAPE = ("WAITFOR DELAY ", " INTO DUMPFILE ", " INTO OUTFILE ", "CREATE ", "BULK ", "EXEC ", "RECONFIGURE ", "DECLARE ", CHAR_INFERENCE_MARK)
# Mark used for replacement of reflected values
REFLECTED_VALUE_MARKER = '__REFLECTED_VALUE__'
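Review bot: The comment above `REFLECTED_VALUE_MARKER` does not say what counts as a reflected value or at which stage the replacement happens, and the code that uses the constant is not in this hunk. If, as the commit title suggests, the marker stands in for copies of the injected value echoed back in a response, the comment could read `# Mark substituted for copies of the injected value that the target echoes back in its response`. It would also help to state that the marker is assumed never to occur in genuine page content, since a fixed literal that did occur there would be indistinguishable from a replaced value. As a style point, the neighbouring `EXCLUDE_UNESCAPE` line uses double-quoted strings, so `REFLECTED_VALUE_MARKER = "__REFLECTED_VALUE__"` would match it.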