From 7b84a6f49af1a27e9da4d34104125a6e62ca50e6 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Mon, 19 Jun 2023 03:17:24 +0200
Subject: [PATCH] FIX #24991

---
 htdocs/main.inc.php | 2 +-
 test/phpunit/SecurityTest.php | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 2465d3ccd08..79bfd9c9886 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -136,7 +136,7 @@ function testSqlAndScriptInject($val, $type)
 $inj += preg_match('/user\s*\(/i', $val); // avoid to use function user() or mysql_user() that return current database login
 $inj += preg_match('/information_schema/i', $val); // avoid to use request that read information_schema database
 $inj += preg_match('/assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject expected 0c');
+ $test='/user/perms.php?id=1&action=addrights&entity=1&rights=123&confirm=yes&token=123456789&updatedmodulename=lmscoursetracking';
+ $result=testSqlAndScriptInject($test, 1);
+ print "test=".$test." result=".$result."\n";
+ $this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject with a valid url');
+
 // Should detect attack
 $expectedresult=1;