From e6960f003064a9541c6a3ae8397e97e18345afb7 Mon Sep 17 00:00:00 2001
From: Roland Rusch
Date: Wed, 19 Jul 2023 15:31:09 +0200
Subject: [PATCH] #12 Logfile::addLogFile() does not escape the given parameters
---
 www/pages/logfile.php | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/www/pages/logfile.php b/www/pages/logfile.php
index 0271a4c1..1e47c4ff 100644
--- a/www/pages/logfile.php
+++ b/www/pages/logfile.php
@@ -253,15 +253,12 @@ class Logfile {
 }
 }
 }
- if(is_array($meldung)) {
- $meldung = print_r($meldung, true);
- }
- $module = $this->app->DB->real_escape_string($module);
- $action = $this->app->DB->real_escape_string($action);
- $meldung = $this->app->DB->real_escape_string($meldung);
- $dump = $this->app->DB->real_escape_string($dump);
- $functionname = $this->app->DB->real_escape_string($functionname);
+ $module = $this->app->DB->real_escape_string(is_scalar($module) ? strval($module) : print_r($module, true));
+ $action = $this->app->DB->real_escape_string(is_scalar($action) ? strval($action) : print_r($action, true));
+ $meldung = $this->app->DB->real_escape_string(is_scalar($meldung) ? strval($meldung) : print_r($meldung, true));
+ $dump = $this->app->DB->real_escape_string(is_scalar($dump) ? strval($dump) : print_r($dump, true));
+ $functionname = $this->app->DB->real_escape_string(is_scalar($functionname) ? strval($functionname) : print_r($functionname, true));
 $this->app->DB->Insert(
 sprintf(