s.probst/OpenXE
1
0
Fork 0
mirror of https://github.com/OpenXE-org/OpenXE.git synced 2024-11-15 04:27:14 +01:00
Code Issues Projects Releases Wiki Activity

#12 Logfile::addLogFile() does not escape the given parameters

Browse Source
This commit is contained in:
Roland Rusch 2023-07-19 15:31:09 +02:00
parent b02da95c2f
commit e6960f0030
1 changed files with 5 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
www/pages/logfile.php
View File

@ -253,15 +253,12 @@ class Logfile {
} }
} }
} }
if(is_array($meldung)) {
$meldung = print_r($meldung, true);
}
$module = $this->app->DB->real_escape_string($module); $module = $this->app->DB->real_escape_string(is_scalar($module) ? strval($module) : print_r($module, true));
$action = $this->app->DB->real_escape_string($action); $action = $this->app->DB->real_escape_string(is_scalar($action) ? strval($action) : print_r($action, true));
$meldung = $this->app->DB->real_escape_string($meldung); $meldung = $this->app->DB->real_escape_string(is_scalar($meldung) ? strval($meldung) : print_r($meldung, true));
$dump = $this->app->DB->real_escape_string($dump); $dump = $this->app->DB->real_escape_string(is_scalar($dump) ? strval($dump) : print_r($dump, true));
$functionname = $this->app->DB->real_escape_string($functionname); $functionname = $this->app->DB->real_escape_string(is_scalar($functionname) ? strval($functionname) : print_r($functionname, true));
$this->app->DB->Insert( $this->app->DB->Insert(
sprintf( sprintf(