Fixed lots of minor issues handling form input (backslashes getting added and so on).

This commit is contained in:
Andre Lorbach 2008-10-24 16:02:40 +02:00
parent f8d2306fa7
commit 2368febba9
12 changed files with 64 additions and 58 deletions


@ -280,7 +280,7 @@ if ( isset($_POST['op']) )
DB_FreeQuery($result); DB_FreeQuery($result);
// Do the final redirect // Do the final redirect
RedirectResult( GetAndReplaceLangStr( $content['LN_CHARTS_HASBEENADDED'], $content['Name'] ) , "charts.php" ); RedirectResult( GetAndReplaceLangStr( $content['LN_CHARTS_HASBEENADDED'], DB_StripSlahes($content['Name']) ) , "charts.php" );
} }
else if ( $_POST['op'] == "editchart" ) else if ( $_POST['op'] == "editchart" )
{ {
@ -309,7 +309,7 @@ if ( isset($_POST['op']) )
DB_FreeQuery($result); DB_FreeQuery($result);
// Done redirect! // Done redirect!
RedirectResult( GetAndReplaceLangStr( $content['LN_CHARTS_HASBEENEDIT'], $content['Name']) , "charts.php" ); RedirectResult( GetAndReplaceLangStr( $content['LN_CHARTS_HASBEENEDIT'], DB_StripSlahes($content['Name']) ) , "charts.php" );
} }
} }
} }
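Review bot: The new argument to GetAndReplaceLangStr on the RedirectResult line is the form value with its DB escaping removed, and nothing escapes it for the context it is displayed in; stripping slashes only undoes addslashes(), it is not output encoding. If RedirectResult renders that message as HTML (its body is not on the page), the value should be escaped at this point, e.g. `htmlspecialchars(DB_StripSlahes($content['Name']), ENT_QUOTES)`, or better once inside RedirectResult / GetAndReplaceLangStr so every caller gets it. The same pattern is in the second hunk of this section, in both RedirectResult lines of the next five sections (FieldCaption, groupname, DisplayName, Name, USERNAME) and in the views section, so a fix in the helper is preferable to touching each call. The enclosing `if ( isset($_POST['op']) )` block starts outside the hunk.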


@ -249,7 +249,7 @@ if ( isset($_POST['op']) )
DB_FreeQuery($result); DB_FreeQuery($result);
// Do the final redirect // Do the final redirect
RedirectResult( GetAndReplaceLangStr( $content['LN_FIELDS_HASBEENADDED'], $content['FieldCaption'] ) , "fields.php" ); RedirectResult( GetAndReplaceLangStr( $content['LN_FIELDS_HASBEENADDED'], DB_StripSlahes($content['FieldCaption']) ) , "fields.php" );
} }
else else
{ {
@ -267,7 +267,7 @@ if ( isset($_POST['op']) )
DB_FreeQuery($result); DB_FreeQuery($result);
// Done redirect! // Done redirect!
RedirectResult( GetAndReplaceLangStr( $content['LN_FIELDS_HASBEENEDIT'], $content['FieldCaption']) , "fields.php" ); RedirectResult( GetAndReplaceLangStr( $content['LN_FIELDS_HASBEENEDIT'], DB_StripSlahes($content['FieldCaption']) ) , "fields.php" );
} }
} }
} }


@ -322,7 +322,7 @@ if ( isset($_POST['op']) )
DB_FreeQuery($result); DB_FreeQuery($result);
// Do the final redirect // Do the final redirect
RedirectResult( GetAndReplaceLangStr( $content['LN_GROUP_HASBEENADDED'], $content['groupname'] ) , "groups.php" ); RedirectResult( GetAndReplaceLangStr( $content['LN_GROUP_HASBEENADDED'], DB_StripSlahes($content['groupname']) ) , "groups.php" );
} }
} }
else if ( $_POST['op'] == "editgroup" ) else if ( $_POST['op'] == "editgroup" )
@ -344,7 +344,7 @@ if ( isset($_POST['op']) )
DB_FreeQuery($result); DB_FreeQuery($result);
// Done redirect! // Done redirect!
RedirectResult( GetAndReplaceLangStr( $content['LN_GROUP_ERROR_HASBEENEDIT'], $content['groupname']) , "groups.php" ); RedirectResult( GetAndReplaceLangStr( $content['LN_GROUP_ERROR_HASBEENEDIT'], DB_StripSlahes($content['groupname']) ) , "groups.php" );
} }
} }
else if ( $_POST['op'] == "adduser" ) else if ( $_POST['op'] == "adduser" )


@ -235,7 +235,7 @@ if ( isset($_POST['op']) )
DB_FreeQuery($result); DB_FreeQuery($result);
// Do the final redirect // Do the final redirect
RedirectResult( GetAndReplaceLangStr( $content['LN_SEARCH_HASBEENADDED'], $content['DisplayName'] ) , "searches.php" ); RedirectResult( GetAndReplaceLangStr( $content['LN_SEARCH_HASBEENADDED'], DB_StripSlahes($content['DisplayName']) ) , "searches.php" );
} }
else if ( $_POST['op'] == "editsearch" ) else if ( $_POST['op'] == "editsearch" )
{ {
@ -258,7 +258,7 @@ if ( isset($_POST['op']) )
DB_FreeQuery($result); DB_FreeQuery($result);
// Done redirect! // Done redirect!
RedirectResult( GetAndReplaceLangStr( $content['LN_SEARCH_HASBEENEDIT'], $content['DisplayName']) , "searches.php" ); RedirectResult( GetAndReplaceLangStr( $content['LN_SEARCH_HASBEENEDIT'], DB_StripSlahes($content['DisplayName']) ) , "searches.php" );
} }
} }
} }


@ -512,7 +512,7 @@ if ( isset($_POST['op']) )
DB_FreeQuery($result); DB_FreeQuery($result);
// Do the final redirect // Do the final redirect
RedirectResult( GetAndReplaceLangStr( $content['LN_SOURCE_HASBEENADDED'], $content['Name'] ) , "sources.php" ); RedirectResult( GetAndReplaceLangStr( $content['LN_SOURCE_HASBEENADDED'], DB_StripSlahes($content['Name']) ) , "sources.php" );
} }
else if ( $_POST['op'] == "editsource" ) else if ( $_POST['op'] == "editsource" )
{ {
@ -567,7 +567,7 @@ if ( isset($_POST['op']) )
DB_FreeQuery($result); DB_FreeQuery($result);
// Done redirect! // Done redirect!
RedirectResult( GetAndReplaceLangStr( $content['LN_SOURCES_HASBEENEDIT'], $content['Name']) , "sources.php" ); RedirectResult( GetAndReplaceLangStr( $content['LN_SOURCES_HASBEENEDIT'], DB_StripSlahes($content['Name']) ) , "sources.php" );
} }
} }
} }


@ -272,7 +272,7 @@ if ( isset($_POST['op']) )
DB_FreeQuery($result); DB_FreeQuery($result);
// Do the final redirect // Do the final redirect
RedirectResult( GetAndReplaceLangStr( $content['LN_USER_ERROR_HASBEENADDED'], $content['USERNAME'] ) , "users.php" ); RedirectResult( GetAndReplaceLangStr( $content['LN_USER_ERROR_HASBEENADDED'], DB_StripSlahes($content['USERNAME']) ) , "users.php" );
} }
} }
} }
@ -322,7 +322,7 @@ if ( isset($_POST['op']) )
} }
// Done redirect! // Done redirect!
RedirectResult( GetAndReplaceLangStr( $content['LN_USER_ERROR_HASBEENEDIT'], $content['USERNAME']) , "users.php" ); RedirectResult( GetAndReplaceLangStr( $content['LN_USER_ERROR_HASBEENEDIT'], DB_StripSlahes($content['USERNAME']) ) , "users.php" );
} }
} }
} }


@ -275,7 +275,7 @@ if ( isset($content['ISEDITORNEWVIEW']) && $content['ISEDITORNEWVIEW'] )
if ( isset($_POST['op']) ) if ( isset($_POST['op']) )
{ {
if ( isset ($_POST['id']) ) { $content['VIEWID'] = DB_RemoveBadChars($_POST['id']); } else {$content['VIEWID'] = ""; } if ( isset ($_POST['id']) ) { $content['VIEWID'] = DB_RemoveBadChars($_POST['id']); } else {$content['VIEWID'] = ""; }
if ( isset ($_POST['DisplayName']) ) { $content['DisplayName'] = DB_RemoveBadChars($_POST['DisplayName']); } else {$content['DisplayName'] = ""; } if ( isset ($_POST['DisplayName']) ) { $content['DisplayName'] = DB_StripSlahes($_POST['DisplayName']); } else {$content['DisplayName'] = ""; }
// User & Group handeled specially // User & Group handeled specially
if ( isset ($_POST['isuseronly']) ) if ( isset ($_POST['isuseronly']) )
@ -316,6 +316,9 @@ if ( isset($_POST['op']) )
// Add New entry into columnlist // Add New entry into columnlist
$content['SUBCOLUMNS'][$szColId]['ColFieldID'] = $szColId; $content['SUBCOLUMNS'][$szColId]['ColFieldID'] = $szColId;
// Set Internal FieldID
$content['SUBCOLUMNS'][$szColId]['ColInternalID'] = $fields[$szColId]['FieldDefine'];
// Set Fieldcaption // Set Fieldcaption
if ( isset($fields[$szColId]['FieldCaption']) ) if ( isset($fields[$szColId]['FieldCaption']) )
$content['SUBCOLUMNS'][$szColId]['ColCaption'] = $fields[$szColId]['FieldCaption']; $content['SUBCOLUMNS'][$szColId]['ColCaption'] = $fields[$szColId]['FieldCaption'];
@ -411,6 +414,9 @@ if ( isset($_POST['op']) )
} }
else // Now SUBOP means normal processing! else // Now SUBOP means normal processing!
{ {
// Now we convert fr DB insert!
$content['DisplayName'] = DB_RemoveBadChars($_POST['DisplayName']);
// Everything was alright, so we go to the next step! // Everything was alright, so we go to the next step!
if ( $_POST['op'] == "addnewview" ) if ( $_POST['op'] == "addnewview" )
{ {
@ -437,7 +443,7 @@ if ( isset($_POST['op']) )
DB_FreeQuery($result); DB_FreeQuery($result);
// Do the final redirect // Do the final redirect
RedirectResult( GetAndReplaceLangStr( $content['LN_VIEWS_HASBEENADDED'], $content['DisplayName'] ) , "views.php" ); RedirectResult( GetAndReplaceLangStr( $content['LN_VIEWS_HASBEENADDED'], DB_StripSlahes($content['DisplayName']) ) , "views.php" );
} }
else else
{ {
@ -447,6 +453,9 @@ if ( isset($_POST['op']) )
} }
else if ( $_POST['op'] == "editview" ) else if ( $_POST['op'] == "editview" )
{ {
// Now we convert fr DB insert!
$content['DisplayName'] = DB_RemoveBadChars($_POST['DisplayName']);
$result = DB_Query("SELECT ID FROM " . DB_VIEWS . " WHERE ID = " . $content['VIEWID']); $result = DB_Query("SELECT ID FROM " . DB_VIEWS . " WHERE ID = " . $content['VIEWID']);
$myrow = DB_GetSingleRow($result, true); $myrow = DB_GetSingleRow($result, true);
if ( !isset($myrow['ID']) ) if ( !isset($myrow['ID']) )
@ -480,7 +489,7 @@ if ( isset($_POST['op']) )
DB_FreeQuery($result); DB_FreeQuery($result);
// Done redirect! // Done redirect!
RedirectResult( GetAndReplaceLangStr( $content['LN_VIEWS_HASBEENEDIT'], $content['DisplayName']) , "views.php" ); RedirectResult( GetAndReplaceLangStr( $content['LN_VIEWS_HASBEENEDIT'], DB_StripSlahes($content['DisplayName']) ) , "views.php" );
} }
else else
{ {
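Review bot: The two added `$content['DisplayName'] = DB_RemoveBadChars($_POST['DisplayName']);` lines (third and fourth hunks) read the POST field again without the isset() guard that the first hunk applies to the same field, so a request without DisplayName raises an undefined-index notice there; guard it the same way, e.g. `$content['DisplayName'] = DB_RemoveBadChars(isset($_POST['DisplayName']) ? $_POST['DisplayName'] : '');`. If the editview branch in the fourth hunk is a sibling of the addnewview branch inside the same `else` block (not visible here), the second assignment repeats the first and can be dropped. Note also that the first hunk now keeps the slash-stripped DisplayName in $content for redisplay, so whatever template prints {DisplayName} into a value attribute needs attribute escaping; the page shows none. The enclosing blocks of these hunks start and end outside them.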


@ -211,7 +211,7 @@ else if ( $content['CONVERT_STEP'] == 4 )
if ( isset($_GET['errormsg']) ) if ( isset($_GET['errormsg']) )
{ {
$content['iserror'] = "true"; $content['iserror'] = "true";
$content['errormsg'] = DB_RemoveBadChars( urldecode($_GET['errormsg']) ); $content['errormsg'] = DB_StripSlahes( urldecode($_GET['errormsg']) );
} }
} }
else if ( $content['CONVERT_STEP'] == 5 ) else if ( $content['CONVERT_STEP'] == 5 )
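Review bot: `$_GET['errormsg']` is already URL-decoded by PHP, so the urldecode() kept on the changed line decodes a second time; a %25-encoded sequence in the query string then yields characters the first decoding never produced, which defeats any check applied to the parameter as received, so drop the urldecode() unless the redirecting side is known to encode twice. The commit only swaps the DB escaping for DB_StripSlahes, and neither is output escaping for a query-string value that reaches the page through $content['errormsg']; if that value is rendered, escape it for HTML here, e.g. `$content['errormsg'] = htmlspecialchars(DB_StripSlahes($_GET['errormsg']), ENT_QUOTES);`. The enclosing else-if chain starts and ends outside the hunk.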


@ -1347,44 +1347,44 @@ function PrintSecureUserCheck( $warningtext, $yesmsg, $nomsg )
exit; exit;
} }
function SaveGeneralSettingsIntoDB() function SaveGeneralSettingsIntoDB($bForceStripSlahes = false)
{ {
WriteConfigValue( "ViewDefaultLanguage", true ); WriteConfigValue( "ViewDefaultLanguage", true, null, null,$bForceStripSlahes );
WriteConfigValue( "ViewDefaultTheme", true ); WriteConfigValue( "ViewDefaultTheme", true, null, null,$bForceStripSlahes );
WriteConfigValue( "ViewUseTodayYesterday", true ); WriteConfigValue( "ViewUseTodayYesterday", true, null, null,$bForceStripSlahes );
WriteConfigValue( "ViewEnableDetailPopups", true ); WriteConfigValue( "ViewEnableDetailPopups", true, null, null,$bForceStripSlahes );
WriteConfigValue( "EnableIPAddressResolve", true ); WriteConfigValue( "EnableIPAddressResolve", true, null, null,$bForceStripSlahes );
WriteConfigValue( "MiscShowDebugMsg", true ); WriteConfigValue( "MiscShowDebugMsg", true, null, null,$bForceStripSlahes );
WriteConfigValue( "MiscShowDebugGridCounter", true ); WriteConfigValue( "MiscShowDebugGridCounter", true, null, null,$bForceStripSlahes );
WriteConfigValue( "MiscShowPageRenderStats", true ); WriteConfigValue( "MiscShowPageRenderStats", true, null, null,$bForceStripSlahes );
WriteConfigValue( "MiscEnableGzipCompression", true ); WriteConfigValue( "MiscEnableGzipCompression", true, null, null,$bForceStripSlahes );
WriteConfigValue( "SuppressDuplicatedMessages", true ); WriteConfigValue( "SuppressDuplicatedMessages", true, null, null,$bForceStripSlahes );
WriteConfigValue( "TreatNotFoundFiltersAsTrue", true ); WriteConfigValue( "TreatNotFoundFiltersAsTrue", true, null, null,$bForceStripSlahes );
WriteConfigValue( "ViewMessageCharacterLimit", true ); WriteConfigValue( "ViewMessageCharacterLimit", true, null, null,$bForceStripSlahes );
WriteConfigValue( "ViewStringCharacterLimit", true ); WriteConfigValue( "ViewStringCharacterLimit", true, null, null,$bForceStripSlahes );
WriteConfigValue( "ViewEntriesPerPage", true ); WriteConfigValue( "ViewEntriesPerPage", true, null, null,$bForceStripSlahes );
WriteConfigValue( "ViewEnableAutoReloadSeconds", true ); WriteConfigValue( "ViewEnableAutoReloadSeconds", true, null, null,$bForceStripSlahes );
WriteConfigValue( "PopupMenuTimeout", true ); WriteConfigValue( "PopupMenuTimeout", true, null, null,$bForceStripSlahes );
WriteConfigValue( "PrependTitle", true ); WriteConfigValue( "PrependTitle", true, null, null,$bForceStripSlahes );
WriteConfigValue( "SearchCustomButtonCaption", true ); WriteConfigValue( "SearchCustomButtonCaption", true, null, null,$bForceStripSlahes );
WriteConfigValue( "SearchCustomButtonSearch", true ); WriteConfigValue( "SearchCustomButtonSearch", true, null, null,$bForceStripSlahes );
// Extra Fields // Extra Fields
WriteConfigValue( "DefaultViewsID", true ); WriteConfigValue( "DefaultViewsID", true, null, null,$bForceStripSlahes );
WriteConfigValue( "DefaultSourceID", true ); WriteConfigValue( "DefaultSourceID", true, null, null,$bForceStripSlahes );
// GLOBAL ONLY // GLOBAL ONLY
WriteConfigValue( "DebugUserLogin", true ); WriteConfigValue( "DebugUserLogin", true, null, null,$bForceStripSlahes );
WriteConfigValue( "MiscDebugToSyslog", true ); WriteConfigValue( "MiscDebugToSyslog", true, null, null,$bForceStripSlahes );
WriteConfigValue( "MiscMaxExecutionTime", true ); WriteConfigValue( "MiscMaxExecutionTime", true, null, null,$bForceStripSlahes );
// Custom HTML Code // Custom HTML Code
WriteConfigValue( "InjectHtmlHeader", true ); WriteConfigValue( "InjectHtmlHeader", true, null, null,$bForceStripSlahes );
WriteConfigValue( "InjectBodyHeader", true ); WriteConfigValue( "InjectBodyHeader", true, null, null,$bForceStripSlahes );
WriteConfigValue( "InjectBodyFooter", true ); WriteConfigValue( "InjectBodyFooter", true, null, null ,$bForceStripSlahes );
} }
function SaveUserGeneralSettingsIntoDB() function SaveUserGeneralSettingsIntoDB()
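Review bot: Every WriteConfigValue call in SaveGeneralSettingsIntoDB now passes `null, null` for $userid and $groupid, whereas the function's own signature (in a later section of this commit) defaults them to `false`; if WriteConfigValue distinguishes its branches with `=== false`, the null changes which path runs for every setting saved through this function. Pass the declared default instead, `WriteConfigValue( "ViewDefaultLanguage", true, false, false, $bForceStripSlahes );` and likewise on the other lines, so the only behavioural change of the hunk is the new flag. The flag's name is also misleading given what it does in DB_RemoveBadChars (it forces addslashes(), it strips nothing), so a comment on the parameter, `// true: always addslashes(), even when magic_quotes_gpc is on (see DB_RemoveBadChars)`, would help the next reader.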


@ -239,17 +239,18 @@ function DB_RemoveParserSpecialBadChars($myString)
return $returnstr; return $returnstr;
} }
function DB_RemoveBadChars($myString, $dbEngine = DB_MYSQL) function DB_RemoveBadChars($myString, $dbEngine = DB_MYSQL, $bForceStripSlahes = false)
{ {
if ( $dbEngine == DB_MSSQL ) if ( $dbEngine == DB_MSSQL )
{ {
//TODO STRIP SLASHES ?!
// MSSQL needs special treatment -.- // MSSQL needs special treatment -.-
return str_replace("'","''",$myString); return str_replace("'","''",$myString);
} }
else else
{ {
// Replace with internal PHP Functions! // Replace with internal PHP Functions!
if ( !get_magic_quotes_gpc() ) if ( !get_magic_quotes_gpc() || $bForceStripSlahes )
return addslashes($myString); return addslashes($myString);
// return addcslashes($myString, "'"); // return addcslashes($myString, "'");
else else
@ -322,17 +323,13 @@ function DB_Exec($query)
return false; return false;
} }
function PrepareValueForDB($szValue) function PrepareValueForDB($szValue, $bForceStripSlahes = false)
{ {
//echo "<br>" . $szValue . "<br>!" . preg_match("/[^\\\\]['\\\\][^'\\\\]/e", $szValue, $matches) . "<br>"; // Wrapper for this function
// Copy value for DB and check for BadDB Chars! return DB_RemoveBadChars($szValue, null, $bForceStripSlahes);
// if ( preg_match("/(?<!\\\\)\'|\\\\\\\\/x", $szValue) ) /* OLD /(?<!\\\\)\'|(?<!\\\\)\\\\/e */
return DB_RemoveBadChars($szValue);
// else
// return $szValue;
} }
function WriteConfigValue($szPropName, $is_global = true, $userid = false, $groupid = false) function WriteConfigValue($szPropName, $is_global = true, $userid = false, $groupid = false, $bForceStripSlahes = false)
{ {
global $content; global $content;
@ -346,7 +343,7 @@ function WriteConfigValue($szPropName, $is_global = true, $userid = false, $grou
if ( isset($content[$szPropName]) ) if ( isset($content[$szPropName]) )
{ {
// Copy value for DB and check for BadDB Chars! // Copy value for DB and check for BadDB Chars!
$szDbValue = PrepareValueForDB( $content[$szPropName] ); $szDbValue = PrepareValueForDB( $content[$szPropName], $bForceStripSlahes );
} }
else else
{ {
@ -387,7 +384,7 @@ function WriteConfigValue($szPropName, $is_global = true, $userid = false, $grou
if ( isset($USERCFG[$szPropName]) ) if ( isset($USERCFG[$szPropName]) )
{ {
// Copy value for DB and check for BadDB Chars! // Copy value for DB and check for BadDB Chars!
$szDbValue = PrepareValueForDB( $USERCFG[$szPropName] ); $szDbValue = PrepareValueForDB( $USERCFG[$szPropName], $bForceStripSlahes );
} }
else else
{ {
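Review bot: PrepareValueForDB now calls `DB_RemoveBadChars($szValue, null, $bForceStripSlahes)`; passing null does not select the DB_MYSQL default, it reaches the `$dbEngine == DB_MSSQL` test as null, and with loose comparison that branch is taken whenever DB_MSSQL happens to be 0 or an empty string (its value is not on the page). Pass the engine explicitly: `return DB_RemoveBadChars($szValue, DB_MYSQL, $bForceStripSlahes);`. Separately, the parameter is named $bForceStripSlahes but its only effect is to call addslashes() even when magic_quotes_gpc is on, and the MSSQL branch ignores it entirely (the added TODO admits this), so either rename it to something like $bForceAddSlashes or add a docblock line on DB_RemoveBadChars: `@param bool $bForceStripSlahes call addslashes() even when magic_quotes_gpc is on; ignored for MSSQL`. The bodies of DB_RemoveBadChars and WriteConfigValue extend beyond their hunks.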


@ -84,7 +84,7 @@ function ConvertGeneralSettings()
global $content; global $content;
// Only call the same function as in admin index! // Only call the same function as in admin index!
SaveGeneralSettingsIntoDB(); SaveGeneralSettingsIntoDB(true);
} }
/* /*


@ -73,7 +73,7 @@
<td align="right" class="line1" width="350"><input type="text" name="DisplayName" size="55" maxlength="255" value="{DisplayName}"></td> <td align="right" class="line1" width="350"><input type="text" name="DisplayName" size="55" maxlength="255" value="{DisplayName}"></td>
</tr> </tr>
<tr> <tr>
<td align="left" class="cellmenu2"><b>{LN_GEN_USERONLY}</b></td> <td align="left" class="cellmenu2"><b>{LN_SEARCH_QUERY}</b></td>
<td align="right" class="line2"><input type="text" name="SearchQuery" size="55" maxlength="1024" value="{SearchQuery}"></td> <td align="right" class="line2"><input type="text" name="SearchQuery" size="55" maxlength="1024" value="{SearchQuery}"></td>
</tr> </tr>
<tr> <tr>