[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Noalyss-commit] [noalyss] 31/38: DB protect against JS Injection
|
From: |
dwm |
|
Subject: |
[Noalyss-commit] [noalyss] 31/38: DB protect against JS Injection |
|
Date: |
Sun, 18 Feb 2024 07:30:47 -0500 (EST) |
sparkyx pushed a commit to branch devel
in repository noalyss.
commit ae83ccbda35b8c9aca3b123dd196b2cc67ec9289
Author: Dany wm <danydb@noalyss.eu>
AuthorDate: Thu Feb 15 20:59:31 2024 +0100
DB protect against JS Injection
---
sql/upgrade.sql | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/sql/upgrade.sql b/sql/upgrade.sql
index e69de29bb..38c2e620c 100644
--- a/sql/upgrade.sql
+++ b/sql/upgrade.sql
@@ -0,0 +1,23 @@
+CREATE OR REPLACE FUNCTION comptaproc.trg_remove_script_tag()
+ RETURNS trigger
+ LANGUAGE plpgsql
+AS $function$
+
+begin
+
+ NEW.agc_comment_raw:= regexp_replace(NEW.agc_comment_raw, '<script',
'scritp', 'i');
+ return NEW;
+
+end;
+$function$
+;
+
+
+create trigger t_remove_script_tag before
+ insert
+ or
+ update
+ on
+ public.action_gestion_comment for each row execute function
comptaproc.trg_remove_script_tag();
+
+
- [Noalyss-commit] [noalyss] 29/38: cosmetic, (continued)
- [Noalyss-commit] [noalyss] 29/38: cosmetic, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 10/38: Filtre ne fonctionne pas tva_search_id est vide, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 11/38: Sécurité : bloquer le changement de date des opérations, Renforce mode strict : change de date impossible, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 17/38: FOLLOWUP : nom contact pas affiché, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 23/38: Merge branch 'devel', dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 13/38: FOLLOWUP : Cosmetic nombre pièces, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 22/38: Fix : auto numbering receipt, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 32/38: cosmetic, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 36/38: Fix : Bug cannot filter a list of element, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 27/38: Nouvelle fonction pour ajouter des attributs à un élément DOM, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 31/38: DB protect against JS Injection,
dwm <=
- [Noalyss-commit] [noalyss] 24/38: Nouveau #00022980002298: detail fiche , historique du suivi, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 35/38: Merge devel, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 09/38: Task #2321: Sécurité : empêcher changement de numéro de pièce, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 16/38: Follow-Up : bug ne peut pas ajouter fichier sur nouvel événement, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 18/38: Fix cosmetic bug : duplicate operation with autoreverse VAT has an VAT amount, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 20/38: Fix : auto numbering receipt, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 21/38: Merge branch 'devel', dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 25/38: cosmetic, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 37/38: Cosmetic, dwm, 2024/02/18
- [Noalyss-commit] [noalyss] 38/38: Upgrade SQL, dwm, 2024/02/18