From d22bc76741fc8d1aac9bb2b45a4e883e69af6c16 Mon Sep 17 00:00:00 2001
From: Nigel Horne
Date: Sun, 20 Aug 2023 14:58:34 -0700
Subject: [PATCH] Block more SQL injection attempts
---
 lib/CGI/Info.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/CGI/Info.pm b/lib/CGI/Info.pm
index a1d58a0..1045cbb 100644
--- a/lib/CGI/Info.pm
+++ b/lib/CGI/Info.pm
@@ -1348,7 +1348,7 @@ sub is_robot {
 return 0;
 }
 
- if($agent =~ /SELECT.+AND.+/) {
+ if(($agent =~ /SELECT.+AND.+/) || ($agent =~ /ORDER BY /)) {
 $self->status(403);
 $self->{is_robot} = 1;
 if($self->{logger}) {
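Review bot: The added `ORDER BY ` test on `$agent` is case-sensitive and expects exactly one literal space on each side of `BY`, although SQL keywords are case-insensitive and accept any whitespace between them, so the filter recognises only one spelling of the clause. A more tolerant form of the new alternative would be `($agent =~ /\bORDER\s+BY\b/i)`. I would not simply add `/i` to the existing `SELECT.+AND.+` pattern, since without word boundaries it could start matching ordinary agent strings. This is a heuristic denylist on the User-Agent header, so it is worth a comment above the condition such as `# Heuristic only: a User-Agent that looks like SQL is treated as hostile; queries must still use bound parameters`. `is_robot` begins and ends outside this hunk, so how `$agent` is used further down is not visible here.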