From 8db292a501feccc66be4eb33a05d02674be89bbd Mon Sep 17 00:00:00 2001
From: Christian Schneider
Date: Tue, 7 May 2024 17:19:58 +0200
Subject: Abort if table name contains invalid characters

---
 it_dbi.class | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'it_dbi.class')

diff --git a/it_dbi.class b/it_dbi.class
index d4722e9..12a4ef1 100644
--- a/it_dbi.class
+++ b/it_dbi.class
@@ -85,6 +85,9 @@ function __construct($p = array(), $query = null, ...$args)
 
 	if ($p['table'])		# Standard use: create a table object
 	{
+		if (it::match('[^a-z0-9_.]', $p['table']))
+			$this->_fatal("_construct: invalid table name '{$p['table']}''");
+
 		if (!isset($GLOBALS[static::$_global_key]))
 			new static::$_global_key;
 
-- 
cgit v1.2.3