[Noalyss-commit] [noalyss] 28/38: DB protect against JS Injection
From: dwm
Subject: [Noalyss-commit] [noalyss] 28/38: DB protect against JS Injection
Date: Sun, 18 Feb 2024 07:30:47 -0500 (EST)
sparkyx pushed a commit to branch devel
in repository noalyss.
commit 0aec7bfd1b3645b3593c0e3c569fff94f7119694
Author: Dany wm <danydb@noalyss.eu>
AuthorDate: Thu Feb 15 20:59:31 2024 +0100
DB protect against JS Injection
---
sql/upgrade.sql | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/sql/upgrade.sql b/sql/upgrade.sql
index e69de29bb..38c2e620c 100644
--- a/sql/upgrade.sql
+++ b/sql/upgrade.sql
@@ -0,0 +1,23 @@
+CREATE OR REPLACE FUNCTION comptaproc.trg_remove_script_tag()
+ RETURNS trigger
+ LANGUAGE plpgsql
+AS $function$
+
+begin
+
+ NEW.agc_comment_raw:= regexp_replace(NEW.agc_comment_raw, '<script',
'scritp', 'i');
+ return NEW;
+
+end;
+$function$
+;
+
+
+create trigger t_remove_script_tag before
+ insert
+ or
+ update
+ on
+ public.action_gestion_comment for each row execute function
comptaproc.trg_remove_script_tag();
+
+
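Review bot: in trg_remove_script_tag(), the regexp_replace call passes only the 'i' flag, so PostgreSQL rewrites just the first `<script` in agc_comment_raw and any later occurrence in the same comment is stored unchanged; use 'gi' if the intent is to neutralise every occurrence. More broadly, matching the literal `<script` is a denylist of a single tag: it leaves alone other markup a browser will run script from (event-handler attributes, for example), so this trigger should not be the only control, and HTML-encoding the comment at the point where it is rendered would cover those cases without silently altering stored text. Two smaller points: the replacement 'scritp' drops the `<` and reads like a typo for 'script', which deserves a comment if it is deliberate; and the function uses CREATE OR REPLACE while `create trigger t_remove_script_tag` does not, so re-running upgrade.sql will fail on the already existing trigger unless it is dropped first.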