Improve user management
HarveyKandola committed Nov 30, 2020
1 parent 9724131 commit 66fcb77
Showing 6 changed files with 1,221 additions and 1,171 deletions.
10 changes: 3 additions & 7 deletions README.md
Expand Up @@ -13,13 +13,9 @@ All you need to provide is PostgreSQL, Microsoft SQL Server or any MySQL variant

## Latest Release

[Community Edition: v3.8.1](https://github.com/documize/community/releases)
[Community Edition: v3.8.2](https://github.com/documize/community/releases)

[Enterprise Edition: v3.8.1](https://www.documize.com/downloads)

> *We provide frequent product updates for both cloud and self-hosted customers.*
>
> **Harvey Kandola, CEO/Founder @ Documize**
[Enterprise Edition: v3.8.2](https://www.documize.com/downloads)

## OS Support

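Review bot: the release-link bump to v3.8.2 and the removal of the quoted CEO block are unrelated to the commit message "Improve user management"; either split this README housekeeping into its own commit or mention it in the message so the change is discoverable in history.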
Expand Down Expand Up @@ -50,7 +46,7 @@ For all database types, Full-Text Search support (FTS) is mandatory.

## Technology Stack

- Go (v1.14.3)
- Go (v1.15.5)
- Ember JS (v3.12.0)

## Authentication Options
50 changes: 50 additions & 0 deletions core/stringutil/sanitize.go
@@ -0,0 +1,50 @@
// Copyright 2016 Documize Inc. <legal@documize.com>. All rights reserved.
//
// This software (Documize Community Edition) is licensed under
// GNU AGPL v3 http://www.gnu.org/licenses/agpl-3.0.en.html
//
// You can operate outside the AGPL restrictions by purchasing
// Documize Enterprise Edition and obtaining a commercial license
// by contacting <sales@documize.com>.
//
// https://documize.com

package stringutil

import (
"strings"
)

// CleanDBValue returns like query minus dodgy characters.
func CleanDBValue(filter string) string {
filter = strings.ReplaceAll(filter, " ", "")
filter = strings.ReplaceAll(filter, " ' ", "")
filter = strings.ReplaceAll(filter, "'", "")
filter = strings.ReplaceAll(filter, " ` ", "")
filter = strings.ReplaceAll(filter, "`", "")
filter = strings.ReplaceAll(filter, " \" ", "")
filter = strings.ReplaceAll(filter, "\"", "")
filter = strings.ReplaceAll(filter, " -- ", "")
filter = strings.ReplaceAll(filter, "--", "")
filter = strings.ReplaceAll(filter, ";", "")
filter = strings.ReplaceAll(filter, ":", "")
filter = strings.ReplaceAll(filter, "~", "")
filter = strings.ReplaceAll(filter, "!", "")
filter = strings.ReplaceAll(filter, "#", "")
filter = strings.ReplaceAll(filter, "%", "")
filter = strings.ReplaceAll(filter, "*", "")
filter = strings.ReplaceAll(filter, "\\", "")
filter = strings.ReplaceAll(filter, "/", "")
filter = strings.ReplaceAll(filter, "union select", "")
filter = strings.ReplaceAll(filter, "UNION SELECT", "")
filter = strings.ReplaceAll(filter, " from ", "")
filter = strings.ReplaceAll(filter, " FROM ", "")
filter = strings.ReplaceAll(filter, " OR 1=1 ", "")
filter = strings.ReplaceAll(filter, " OR 1=1 ", "")
filter = strings.ReplaceAll(filter, " = ", "")
filter = strings.ReplaceAll(filter, "=", "")

filter = strings.TrimSpace(filter)

return filter
}
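Review bot: CleanDBValue is a denylist sanitizer whose own ordering defeats most of it: the first replacement `strings.ReplaceAll(filter, " ", "")` removes every space, so all later space-delimited patterns (" ' ", " ` ", " \" ", " -- ", " from ", " FROM ", " OR 1=1 ", " = ") can never match and are dead code, and the two " OR 1=1 " lines are duplicates. What remains is a case-sensitive exact-string list ("union select" and "UNION SELECT" only), it strips characters that are legitimate in user names and e-mail addresses (apostrophes, ":" and "/"), and it leaves the LIKE wildcard "_" untouched while removing "%". Rather than building the LIKE pattern from the cleaned string, bind the filter as a query parameter and escape only the LIKE metacharacters, for example `strings.NewReplacer(`\`, `\\`, `%`, `\%`, `_`, `\_`).Replace(filter)` paired with the matching ESCAPE clause, plus a length cap. The doc comment ("returns like query minus dodgy characters") should also state what the input is and that the result is intended as a LIKE pattern, not a query.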