[FIX] Swift SQL Injection Problem

Obey
Nov 23, 2013
Well, as you may know, a lot of hotels have been attacked in the last few days.
I made a fast (because of urgency) fix for it. I'm not a pro, and I really hope somebody better than me makes it (or at least a better filter).

First of all, go to your ButterflyEnvironment.cs and, below
Code:
internal static class ButterflyEnvironment {
insert:
Code:
// Keyword denylist applied to every fixed-length string read from the client.
// Needs System.Collections.Generic (for List<T>) at the top of ButterflyEnvironment.cs.
public static string DeletePossiblyTreat(string PopFixedString)
{
    List<string> blackwords = new List<string>
    {
        "DROP TABLE", "rank=", "TRUNCATE", "DELETE FROM", "SELECT (",
        "SELECT *", "INSERT INTO", "UPDATE", "CREATE", "RENAME"
    };

    // Case-insensitive substring match: lower the input once rather than once per keyword.
    // A hit anywhere in the string replaces the whole string, not just the keyword.
    string lowered = PopFixedString.ToLower();
    foreach (string cont in blackwords)
    {
        if (lowered.Contains(cont.ToLower()))
        {
            PopFixedString = "*bobba*";
            break;
        }
    }
    return PopFixedString;
}
Now go to Messages/ClientMessage.cs.
Search for internal string PopFixedString() and replace it with:
Code:
internal string PopFixedString()
{
    // Default-encoding overload. The Encoding overload below already filters,
    // so this outer call is redundant but harmless (the filter is idempotent).
    return ButterflyEnvironment.DeletePossiblyTreat(this.PopFixedString(ButterflyEnvironment.GetDefaultEncoding()));
}
Then search for internal string PopFixedString(Encoding encoding) and replace it with:
Code:
internal string PopFixedString(Encoding encoding)
{
    // Decode the raw bytes, then run the decoded string through the denylist.
    return ButterflyEnvironment.DeletePossiblyTreat(encoding.GetString(this.ReadFixedValue()));
}
That will prevent any kind of SQL injection, but it will have some problems... That is why I wish to have somebody make it better. The filter ISN'T perfect, because if you say TRUNCATE, for example, it will be replaced with *bobba*.

(P.S. I got this off another forum and am sharing it for people who want to use it. Please leave a like.)

Consider it a temporary fix.
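
Editor's added example (not part of Obey's post, nor code from the Butterfly emulator): the post's keyword filter ported line-for-line to Python and run against a constructed in-memory SQLite table, beside the parameterized query that is the standard fix for this class of bug. Python rather than the emulator's C# so it runs without a MySQL server; the table, its rows, and the two payloads are made up here for illustration.

```python
"""Added example: the post's DeletePossiblyTreat denylist versus a bound parameter.
Not from the original post or from Butterfly; all data below is constructed."""
import sqlite3

# The post's list, copied from DeletePossiblyTreat; matching is case-insensitive.
BLACKWORDS = [
    "DROP TABLE", "rank=", "TRUNCATE", "DELETE FROM", "SELECT (",
    "SELECT *", "INSERT INTO", "UPDATE", "CREATE", "RENAME",
]


def delete_possibly_treat(value: str) -> str:
    """Port of the post's filter: any listed keyword replaces the whole string."""
    lowered = value.lower()
    for word in BLACKWORDS:
        if word.lower() in lowered:
            return "*bobba*"
    return value


def make_db() -> sqlite3.Connection:
    """Constructed sample table standing in for an emulator's users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, rank INTEGER)")
    conn.executemany(
        "INSERT INTO users (username, rank) VALUES (?, ?)",
        [("alice", 1), ("bob", 1), ("admin", 7)],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Filter, then concatenate into SQL: the pattern the post's fix is layered over."""
    filtered = delete_possibly_treat(username)
    sql = "SELECT username, rank FROM users WHERE username = '" + filtered + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """The real fix: the value is bound as a parameter and is never parsed as SQL."""
    return conn.execute(
        "SELECT username, rank FROM users WHERE username = ?", (username,)
    ).fetchall()


def run_demo() -> dict:
    """Return the outcome of each case as data so it can be checked, not just printed."""
    conn = make_db()
    # Payloads constructed to contain none of the listed keywords ("rank = 7" with spaces
    # is not "rank=", and "UNION SELECT username" is neither "SELECT (" nor "SELECT *").
    tautology = "x' OR '1'='1"
    union = "x' UNION SELECT username, rank FROM users WHERE rank = 7 --"
    out = {
        # The filter lets both payloads straight through...
        "filter_passes_tautology": delete_possibly_treat(tautology) == tautology,
        "filter_passes_union": delete_possibly_treat(union) == union,
        # ...so the concatenated query returns every row, or exactly the admin's row.
        "vulnerable_tautology_rows": len(lookup_vulnerable(conn, tautology)),
        "vulnerable_union": lookup_vulnerable(conn, union),
        # With a bound parameter the payload text is compared against usernames: no match.
        "parameterized_tautology_rows": len(lookup_parameterized(conn, tautology)),
        "parameterized_union_rows": len(lookup_parameterized(conn, union)),
        "parameterized_honest": lookup_parameterized(conn, "alice"),
        # Collateral damage the post acknowledges: ordinary chat is replaced wholesale.
        "false_positive": delete_possibly_treat("when is the next update coming?"),
    }
    # A legitimate apostrophe breaks the concatenated query outright; the parameter copes.
    try:
        lookup_vulnerable(conn, "o'brien")
        out["concat_survives_apostrophe"] = True
    except sqlite3.OperationalError:
        out["concat_survives_apostrophe"] = False
    out["param_survives_apostrophe"] = lookup_parameterized(conn, "o'brien") == []
    return out


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
```

The two payloads are the ordinary ones, not clever encodings: a quote and an OR, or a quote and a UNION, and neither contains a word on the list. The same strings bound as parameters match nothing, and a plain "o'brien" works there while it crashes the concatenated query. Keeping the denylist in front of the parameterized query buys nothing except the false positives the post already mentions.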