From f1ab4178f13b7f2dcf8e890fa3d9a05c06107ae0 Mon Sep 17 00:00:00 2001
From: Florian Azizian <florian.azizian@maarch.org>
Date: Mon, 9 Feb 2015 13:20:52 +0000
Subject: [PATCH] FIX #1943 remove some characters

---
 .../core/class/web_service/class_web_service.php   | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/core/trunk/core/class/web_service/class_web_service.php b/core/trunk/core/class/web_service/class_web_service.php
index 99415192095..074287d16cd 100644
--- a/core/trunk/core/class/web_service/class_web_service.php
+++ b/core/trunk/core/class/web_service/class_web_service.php
@@ -169,8 +169,20 @@ class webService {
                 $_SESSION['user']['UserId'] = $_SERVER["PHP_AUTH_USER"];
                 $password = $_SERVER["PHP_AUTH_PW"];
             }
+
+            $userID = str_replace('\'', '', $_SESSION['user']['UserId']);
+            $userID = str_replace('=', '', $userID);
+            $userID = str_replace('"', '', $userID);
+            $userID = str_replace('*', '', $userID);
+            $userID = str_replace(';', '', $userID);
+            $userID = str_replace('--', '', $userID);
+            $userID = str_replace(',', '', $userID);
+            $userID = str_replace('$', '', $userID);
+            $userID = str_replace('>', '', $userID);
+            $userID = str_replace('<', '', $userID);
+
             $connexion->query("select * from " . $_SESSION['tablename']['users']
-                . " where user_id = '" . $_SESSION['user']['UserId']
+                . " where user_id = '" . $userID
                 . "' and password = '" . md5($password) . "' and STATUS <> 'DEL'");
             //$connexion->show();exit;
             if ($connexion->nb_result() > 0) {
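Review bot: The str_replace chain on lines 19-28 does not make the string-built query on lines 30-33 safe: it is a denylist of ten characters, so anything not listed (a backslash, `#`, `/*`, or whatever the database's own quoting rules treat specially) still reaches the `where user_id = '...'` clause unescaped. The value should be bound as a query parameter, or at minimum passed through the driver's escaping function, rather than interpolated; I would mark the spot with `// TODO: bind user_id as a query parameter - character stripping is not a substitute for escaping` until that is done. A second problem is that only the local `$userID` is cleaned while `$_SESSION['user']['UserId']` keeps the raw value, so an id that legitimately contains one of the stripped characters is looked up under a different name than the one the session retains, and the two identities diverge; once the query is parameterised the stripping can be dropped entirely. The enclosing method of class webService starts and ends outside this hunk.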
-- 
GitLab