From d24dcda982d7fb37c8371fa227f4dbb1868f707d Mon Sep 17 00:00:00 2001
From: Andre Lorbach
Date: Tue, 4 Sep 2012 15:10:45 +0200
Subject: [PATCH 1/2] Merged fix from beta branch in function_db.php DB_RemoveBadChars function supports arrays now, this caused invisible notice errors.
---
 src/include/functions_db.php | 40 ++++++++++++++++++++++++++++--------
 1 file changed, 32 insertions(+), 8 deletions(-)
diff --git a/src/include/functions_db.php b/src/include/functions_db.php
index 5c48363..75de56e 100644
--- a/src/include/functions_db.php
+++ b/src/include/functions_db.php
@@ -257,17 +257,41 @@ function DB_RemoveParserSpecialBadChars($myString)
 return $returnstr;
 }

-function DB_RemoveBadChars($myString, $dbEngine = DB_MYSQL, $bForceStripSlahes = false)
+function DB_RemoveBadChars($myValue, $dbEngine = DB_MYSQL, $bForceStripSlahes = false)
 {
- if ( $dbEngine == DB_MSSQL )
- {
- // MSSQL needs special treatment -.-
- return str_replace("'","''",$myString);
+ // Check if Array
+ if ( is_array($myValue) )
+ { // Array value
+ $retArray = array();
+ foreach( $myValue as $mykey => $myString )
+ {
+ if ( $dbEngine == DB_MSSQL )
+ {
+ // MSSQL needs special treatment -.-
+ $retArray[$mykey] = str_replace("'","''",$myString);
+ }
+ else
+ {
+ // Replace with internal PHP Functions!
+ $retArray[$mykey] = addslashes($myString);
+ }
+ }
+
+ // Return fixed array!
+ return $retArray;
 }
 else
- {
- // Replace with internal PHP Functions!
- return addslashes($myString);
+ { // Single value
+ if ( $dbEngine == DB_MSSQL )
+ {
+ // MSSQL needs special treatment -.-
+ return str_replace("'","''",$myValue);
+ }
+ else
+ {
+ // Replace with internal PHP Functions!
+ return addslashes($myValue);
+ }
 }
 }

From 8e1a98602562977268b537091ab89a18f0af8013 Mon Sep 17 00:00:00 2001
From: Andre Lorbach
Date: Mon, 10 Sep 2012 14:51:13 +0200
Subject: [PATCH 2/2] Added changelog for 3.4.5
---
 ChangeLog | 5 ++++-
 src/include/functions_common.php | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)
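Review bot: In patch 1/2, the new array branch of `DB_RemoveBadChars` (src/include/functions_db.php) escapes only one level, so a nested array element is handed directly to `addslashes()`, which expects a string, and that element is not escaped as intended. Replacing the inner if/else with a recursive call, `$retArray[$mykey] = DB_RemoveBadChars($myString, $dbEngine, $bForceStripSlahes);`, would cover nested input and remove the duplicated MSSQL/`addslashes()` branches. Separately, `addslashes()` is not aware of the connection character set, so it is a weak basis for SQL escaping; if callers build queries from these values (they are not visible in this hunk), driver-level escaping or parameterized queries would be the safer target. `$bForceStripSlahes` is still accepted but never read in the new body, which deserves a comment such as `// $bForceStripSlahes is currently unused, kept for caller compatibility`.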
diff --git a/ChangeLog b/ChangeLog index 84da3ea..a67cc34 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,8 +1,11 @@ --------------------------------------------------------------------------- +Version 3.4.5 (stable), 2012-09-10 +- Merged fix from beta branch in function_db.php. DB_RemoveBadChars + function supports arrays now, this caused invisible notice errors. +--------------------------------------------------------------------------- Version 3.4.4 (stable), 2012-06-19 - Fixed cross-site scripting vulnerability of highlight parameter on index.php page. - --------------------------------------------------------------------------- Version 3.4.3 (stable), 2012-05-22 - Fixed several security vulnerabilities discovered by Filippo Cavallarin. diff --git a/src/include/functions_common.php b/src/include/functions_common.php index e72fa73..4ccdb2a 100644 --- a/src/include/functions_common.php +++ b/src/include/functions_common.php @@ -66,7 +66,7 @@ $LANG_EN = "en"; // Used for fallback $LANG = "en"; // Default language // Default Template vars -$content['BUILDNUMBER'] = "3.4.4"; +$content['BUILDNUMBER'] = "3.4.5"; $content['UPDATEURL'] = "http://loganalyzer.adiscon.com/files/version.txt"; $content['TITLE'] = "Adiscon LogAnalyzer :: Release " . $content['BUILDNUMBER']; // Default page title $content['BASEPATH'] = $gl_root_path;