From 9994f8c18ded6bfeb3232bc60194f49840b6977b Mon Sep 17 00:00:00 2001
From: Roland Rusch
Date: Wed, 19 Jul 2023 15:14:18 +0200
Subject: [PATCH] #12 Logfile::addLogFile() does not escape the given parameters
---
www/pages/logfile.php | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/www/pages/logfile.php b/www/pages/logfile.php
index 67257c53..4fe1a54e 100644
--- a/www/pages/logfile.php
+++ b/www/pages/logfile.php
@@ -1,4 +1,4 @@ - +*/ +?> app->DB->real_escape_string(print_r($meldung, true)); } + + // Quick fix + $dump = $this->app->DB->real_escape_string(print_r($dump, true)); + $this->app->DB->Insert( sprintf( "INSERT INTO logfile (module,action,meldung,dump,datum,bearbeiter,funktionsname)
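Review bot: The `// Quick fix` escapes `$dump` by hand, but the statement is still assembled with `sprintf()` into `INSERT INTO logfile (module,action,meldung,dump,datum,bearbeiter,funktionsname)`, so every other interpolated value needs the same treatment. The visible lines show escaping only for `$meldung` and `$dump`; the values for `module`, `action`, `bearbeiter` and `funktionsname` are built outside the hunk and should be checked, or the insert moved to bound parameters if the DB wrapper supports them. The `$meldung` escape is followed by a closing brace, so it appears to be conditional; the condition is not visible here, and it is worth confirming that a plain-string `$meldung` is escaped too. I would also replace the comment with one that states the invariant, e.g. `// $dump may be an array or object: flatten with print_r(), then escape before interpolating into the INSERT below`. The enclosing function starts and ends outside the hunk.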