Catch more SQL injection attempts

nigelhorne · Feb 10, 2024 · a24576d · a24576d
1 parent 2d30012
commit a24576d
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/CGI/Info.pm b/lib/CGI/Info.pm
@@ -1389,7 +1389,7 @@ sub is_robot {
 		return 0;
 	}
 
-	if(($agent =~ /SELECT.+AND.+/) || ($agent =~ /ORDER BY /) || ($agent =~ / OR NOT /) || ($agent =~ / AND \d+=\d+/) || ($agent =~ /THEN.+ELSE.+END/) || ($agent =~ /.+AND.+SELECT.+/)) {
+	if(($agent =~ /SELECT.+AND.+/) || ($agent =~ /ORDER BY /) || ($agent =~ / OR NOT /) || ($agent =~ / AND \d+=\d+/) || ($agent =~ /THEN.+ELSE.+END/) || ($agent =~ /.+AND.+SELECT.+/) || ($agent =~ /\sAND\s.+\sAND\s/)) {
 		$self->status(403);
 		$self->{is_robot} = 1;
 		if($self->{logger}) {