
Commit 66fcb77

committed
Improve user management
1 parent 9724131 commit 66fcb77

6 files changed

+1221
-1171
lines changed


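--- a/README.md
+++ b/README.md
@@ -13,13 +13,9 @@ All you need to provide is PostgreSQL, Microsoft SQL Server or any MySQL variant
 
 ## Latest Release
 
-[Community Edition: v3.8.1](https://github.com/documize/community/releases)
+[Community Edition: v3.8.2](https://github.com/documize/community/releases)
 
-[Enterprise Edition: v3.8.1](https://www.documize.com/downloads)
-
-> *We provide frequent product updates for both cloud and self-hosted customers.*
->
-> **Harvey Kandola, CEO/Founder @ Documize**
+[Enterprise Edition: v3.8.2](https://www.documize.com/downloads)
 
 ## OS Support
 
@@ -50,7 +46,7 @@ For all database types, Full-Text Search support (FTS) is mandatory.
 
 ## Technology Stack
 
-- Go (v1.14.3)
+- Go (v1.15.5)
 - Ember JS (v3.12.0)
 
 ## Authentication Options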

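--- a/core/stringutil/sanitize.go
+++ b/core/stringutil/sanitize.go
@@ -0,0 +1,50 @@
+// Copyright 2016 Documize Inc. <[email protected]>. All rights reserved.
+//
+// This software (Documize Community Edition) is licensed under
+// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
+//
+// You can operate outside the AGPL restrictions by purchasing
+// Documize Enterprise Edition and obtaining a commercial license
+// by contacting <[email protected]>.
+//
+// https://documize.com
+
+package stringutil
+
+import (
+	"strings"
+)
+
+// CleanDBValue returns like query minus dodgy characters.
+func CleanDBValue(filter string) string {
+	filter = strings.ReplaceAll(filter, " ", "")
+	filter = strings.ReplaceAll(filter, " ' ", "")
+	filter = strings.ReplaceAll(filter, "'", "")
+	filter = strings.ReplaceAll(filter, " ` ", "")
+	filter = strings.ReplaceAll(filter, "`", "")
+	filter = strings.ReplaceAll(filter, " \" ", "")
+	filter = strings.ReplaceAll(filter, "\"", "")
+	filter = strings.ReplaceAll(filter, " -- ", "")
+	filter = strings.ReplaceAll(filter, "--", "")
+	filter = strings.ReplaceAll(filter, ";", "")
+	filter = strings.ReplaceAll(filter, ":", "")
+	filter = strings.ReplaceAll(filter, "~", "")
+	filter = strings.ReplaceAll(filter, "!", "")
+	filter = strings.ReplaceAll(filter, "#", "")
+	filter = strings.ReplaceAll(filter, "%", "")
+	filter = strings.ReplaceAll(filter, "*", "")
+	filter = strings.ReplaceAll(filter, "\\", "")
+	filter = strings.ReplaceAll(filter, "/", "")
+	filter = strings.ReplaceAll(filter, "union select", "")
+	filter = strings.ReplaceAll(filter, "UNION SELECT", "")
+	filter = strings.ReplaceAll(filter, " from ", "")
+	filter = strings.ReplaceAll(filter, " FROM ", "")
+	filter = strings.ReplaceAll(filter, " OR 1=1 ", "")
+	filter = strings.ReplaceAll(filter, " OR 1=1 ", "")
+	filter = strings.ReplaceAll(filter, " = ", "")
+	filter = strings.ReplaceAll(filter, "=", "")
+
+	filter = strings.TrimSpace(filter)
+
+	return filter
+}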
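Review bot: Every multi-word pattern in CleanDBValue is dead code, because the first statement (`strings.ReplaceAll(filter, " ", "")`) strips all spaces before `" ' "`, `"union select"`, `" from "`, `" OR 1=1 "` (listed twice) or `" = "` are ever tested — by then the input reads `unionselect`, so nothing matches. More importantly, a deny-list cannot make a value safe to splice into SQL: mixed-case keywords (`Union Select`, `oR 1=1`) pass untouched, and the LIKE wildcard `_` (plus `[` on SQL Server, which the README lists as supported) survives while `%` is removed, so the value still changes the query's meaning. Callers are not visible here, so I can only presume this is meant for a LIKE filter; whatever the use, the value should be passed as a bind parameter with LIKE metacharacters escaped under an explicit `ESCAPE` clause, keeping CleanDBValue at most as defence in depth. The doc comment should also state that contract, e.g. `// CleanDBValue strips characters that are unsafe to interpolate into a LIKE filter; it is not a substitute for query parameters.` A helper along these lines would do the escaping:

```go
// EscapeLike escapes LIKE metacharacters so that s can be bound to a
// `... LIKE ? ESCAPE '\'` clause and matched literally.
func EscapeLike(s string) string {
	return strings.NewReplacer(`\`, `\\`, `%`, `\%`, `_`, `\_`).Replace(s)
}
```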
