Fixed SQL Injection vulnerability in admin/view.php

This commit is contained in:
Andre Lorbach 2012-05-22 10:56:59 +02:00
parent 565cc2b3e5
commit 0716c4ec9a


@ -236,7 +236,7 @@ if ( isset($content['ISEDITORNEWVIEW']) && $content['ISEDITORNEWVIEW'] )
{
// If Columns are send using POST we use them, otherwise we try to use from the view itself, if available
if ( isset($_POST['Columns']) )
$AllColumns = $_POST['Columns'];
$AllColumns = DB_RemoveBadChars($_POST['Columns']);
else if ( isset($content['COLUMNS']) )
$AllColumns = $content['COLUMNS'];
@ -489,12 +489,12 @@ if ( isset($_POST['op']) )
if ( isset($_POST['Columns']) && is_array($_POST['Columns']) )
{
// Copy columns ID's
foreach ($_POST['Columns'] as $myColKey)
foreach ( $_POST['Columns'] as $myColKey)
{
if ( isset($content['COLUMNS']) )
$content['COLUMNS'] .= ", " . $myColKey;
$content['COLUMNS'] .= ", " . DB_RemoveBadChars($myColKey);
else
$content['COLUMNS'] = $myColKey;
$content['COLUMNS'] = DB_RemoveBadChars($myColKey);
}
// Add custom search now!
@ -538,9 +538,9 @@ if ( isset($_POST['op']) )
foreach ($_POST['Columns'] as $myColKey)
{
if ( isset($content['COLUMNS']) )
$content['COLUMNS'] .= ", " . $myColKey;
$content['COLUMNS'] .= ", " . DB_RemoveBadChars($myColKey);
else
$content['COLUMNS'] = $myColKey;
$content['COLUMNS'] = DB_RemoveBadChars($myColKey);
}
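Review bot: The new code still builds `$content['COLUMNS']` by concatenating posted column names after running them through `DB_RemoveBadChars`, but this value is an identifier list rather than a bound parameter, and a character-stripping helper cannot make an identifier safe the way an allowlist can; the same concatenation appears in all three hunks (lines 15, 27/30 and 38/41). A stronger fix is to accept only names the view itself defines, e.g. `if ( !in_array($myColKey, $knownColumns, true) ) continue;` ahead of the concatenation, where `$knownColumns` is a placeholder for the view's own column list, which is not visible here. The first hunk also passes `$_POST['Columns']` to `DB_RemoveBadChars` without the `is_array` guard the second hunk applies, so whether the helper handles an array input there cannot be confirmed from this page. The enclosing `if` blocks begin outside the hunks, and the last hunk appears to continue past what is shown.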