mirror of
https://github.com/rsyslog/loganalyzer.git
synced 2025-09-25 10:57:52 +02:00
Fixed lots of minor issues handling form input (backslahes getting added and so on).
This commit is contained in:
Andre Lorbach
parent
f8d2306fa7
commit
2368febba9
@ -280,7 +280,7 @@ if ( isset($_POST['op']) )
|
||||
DB_FreeQuery($result);
|
||||
|
||||
// Do the final redirect
|
||||
RedirectResult( GetAndReplaceLangStr( $content['LN_CHARTS_HASBEENADDED'], $content['Name'] ) , "charts.php" );
|
||||
RedirectResult( GetAndReplaceLangStr( $content['LN_CHARTS_HASBEENADDED'], DB_StripSlahes($content['Name']) ) , "charts.php" );
|
||||
}
|
||||
else if ( $_POST['op'] == "editchart" )
|
||||
{
|
||||
@ -309,7 +309,7 @@ if ( isset($_POST['op']) )
|
||||
DB_FreeQuery($result);
|
||||
|
||||
// Done redirect!
|
||||
RedirectResult( GetAndReplaceLangStr( $content['LN_CHARTS_HASBEENEDIT'], $content['Name']) , "charts.php" );
|
||||
RedirectResult( GetAndReplaceLangStr( $content['LN_CHARTS_HASBEENEDIT'], DB_StripSlahes($content['Name']) ) , "charts.php" );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -249,7 +249,7 @@ if ( isset($_POST['op']) )
|
||||
DB_FreeQuery($result);
|
||||
|
||||
// Do the final redirect
|
||||
RedirectResult( GetAndReplaceLangStr( $content['LN_FIELDS_HASBEENADDED'], $content['FieldCaption'] ) , "fields.php" );
|
||||
RedirectResult( GetAndReplaceLangStr( $content['LN_FIELDS_HASBEENADDED'], DB_StripSlahes($content['FieldCaption']) ) , "fields.php" );
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -267,7 +267,7 @@ if ( isset($_POST['op']) )
|
||||
DB_FreeQuery($result);
|
||||
|
||||
// Done redirect!
|
||||
RedirectResult( GetAndReplaceLangStr( $content['LN_FIELDS_HASBEENEDIT'], $content['FieldCaption']) , "fields.php" );
|
||||
RedirectResult( GetAndReplaceLangStr( $content['LN_FIELDS_HASBEENEDIT'], DB_StripSlahes($content['FieldCaption']) ) , "fields.php" );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -322,7 +322,7 @@ if ( isset($_POST['op']) )
|
||||
DB_FreeQuery($result);
|
||||
|
||||
// Do the final redirect
|
||||
RedirectResult( GetAndReplaceLangStr( $content['LN_GROUP_HASBEENADDED'], $content['groupname'] ) , "groups.php" );
|
||||
RedirectResult( GetAndReplaceLangStr( $content['LN_GROUP_HASBEENADDED'], DB_StripSlahes($content['groupname']) ) , "groups.php" );
|
||||
}
|
||||
}
|
||||
else if ( $_POST['op'] == "editgroup" )
|
||||
@ -344,7 +344,7 @@ if ( isset($_POST['op']) )
|
||||
DB_FreeQuery($result);
|
||||
|
||||
// Done redirect!
|
||||
RedirectResult( GetAndReplaceLangStr( $content['LN_GROUP_ERROR_HASBEENEDIT'], $content['groupname']) , "groups.php" );
|
||||
RedirectResult( GetAndReplaceLangStr( $content['LN_GROUP_ERROR_HASBEENEDIT'], DB_StripSlahes($content['groupname']) ) , "groups.php" );
|
||||
}
|
||||
}
|
||||
else if ( $_POST['op'] == "adduser" )
|
||||
|
||||
@ -235,7 +235,7 @@ if ( isset($_POST['op']) )
|
||||
DB_FreeQuery($result);
|
||||
|
||||
// Do the final redirect
|
||||
RedirectResult( GetAndReplaceLangStr( $content['LN_SEARCH_HASBEENADDED'], $content['DisplayName'] ) , "searches.php" );
|
||||
RedirectResult( GetAndReplaceLangStr( $content['LN_SEARCH_HASBEENADDED'], DB_StripSlahes($content['DisplayName']) ) , "searches.php" );
|
||||
}
|
||||
else if ( $_POST['op'] == "editsearch" )
|
||||
{
|
||||
@ -258,7 +258,7 @@ if ( isset($_POST['op']) )
|
||||
DB_FreeQuery($result);
|
||||
|
||||
// Done redirect!
|
||||
RedirectResult( GetAndReplaceLangStr( $content['LN_SEARCH_HASBEENEDIT'], $content['DisplayName']) , "searches.php" );
|
||||
RedirectResult( GetAndReplaceLangStr( $content['LN_SEARCH_HASBEENEDIT'], DB_StripSlahes($content['DisplayName']) ) , "searches.php" );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -512,7 +512,7 @@ if ( isset($_POST['op']) )
|
||||
DB_FreeQuery($result);
|
||||
|
||||
// Do the final redirect
|
||||
RedirectResult( GetAndReplaceLangStr( $content['LN_SOURCE_HASBEENADDED'], $content['Name'] ) , "sources.php" );
|
||||
RedirectResult( GetAndReplaceLangStr( $content['LN_SOURCE_HASBEENADDED'], DB_StripSlahes($content['Name']) ) , "sources.php" );
|
||||
}
|
||||
else if ( $_POST['op'] == "editsource" )
|
||||
{
|
||||
@ -567,7 +567,7 @@ if ( isset($_POST['op']) )
|
||||
DB_FreeQuery($result);
|
||||
|
||||
// Done redirect!
|
||||
RedirectResult( GetAndReplaceLangStr( $content['LN_SOURCES_HASBEENEDIT'], $content['Name']) , "sources.php" );
|
||||
RedirectResult( GetAndReplaceLangStr( $content['LN_SOURCES_HASBEENEDIT'], DB_StripSlahes($content['Name']) ) , "sources.php" );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -272,7 +272,7 @@ if ( isset($_POST['op']) )
|
||||
DB_FreeQuery($result);
|
||||
|
||||
// Do the final redirect
|
||||
RedirectResult( GetAndReplaceLangStr( $content['LN_USER_ERROR_HASBEENADDED'], $content['USERNAME'] ) , "users.php" );
|
||||
RedirectResult( GetAndReplaceLangStr( $content['LN_USER_ERROR_HASBEENADDED'], DB_StripSlahes($content['USERNAME']) ) , "users.php" );
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -322,7 +322,7 @@ if ( isset($_POST['op']) )
|
||||
}
|
||||
|
||||
// Done redirect!
|
||||
RedirectResult( GetAndReplaceLangStr( $content['LN_USER_ERROR_HASBEENEDIT'], $content['USERNAME']) , "users.php" );
|
||||
RedirectResult( GetAndReplaceLangStr( $content['LN_USER_ERROR_HASBEENEDIT'], DB_StripSlahes($content['USERNAME']) ) , "users.php" );
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -275,7 +275,7 @@ if ( isset($content['ISEDITORNEWVIEW']) && $content['ISEDITORNEWVIEW'] )
|
||||
if ( isset($_POST['op']) )
|
||||
{
|
||||
if ( isset ($_POST['id']) ) { $content['VIEWID'] = DB_RemoveBadChars($_POST['id']); } else {$content['VIEWID'] = ""; }
|
||||
if ( isset ($_POST['DisplayName']) ) { $content['DisplayName'] = DB_RemoveBadChars($_POST['DisplayName']); } else {$content['DisplayName'] = ""; }
|
||||
if ( isset ($_POST['DisplayName']) ) { $content['DisplayName'] = DB_StripSlahes($_POST['DisplayName']); } else {$content['DisplayName'] = ""; }
|
||||
|
||||
// User & Group handeled specially
|
||||
if ( isset ($_POST['isuseronly']) )
|
||||
@ -316,6 +316,9 @@ if ( isset($_POST['op']) )
|
||||
// Add New entry into columnlist
|
||||
$content['SUBCOLUMNS'][$szColId]['ColFieldID'] = $szColId;
|
||||
|
||||
// Set Internal FieldID
|
||||
$content['SUBCOLUMNS'][$szColId]['ColInternalID'] = $fields[$szColId]['FieldDefine'];
|
||||
|
||||
// Set Fieldcaption
|
||||
if ( isset($fields[$szColId]['FieldCaption']) )
|
||||
$content['SUBCOLUMNS'][$szColId]['ColCaption'] = $fields[$szColId]['FieldCaption'];
|
||||
@ -411,6 +414,9 @@ if ( isset($_POST['op']) )
|
||||
}
|
||||
else // Now SUBOP means normal processing!
|
||||
{
|
||||
// Now we convert fr DB insert!
|
||||
$content['DisplayName'] = DB_RemoveBadChars($_POST['DisplayName']);
|
||||
|
||||
// Everything was alright, so we go to the next step!
|
||||
if ( $_POST['op'] == "addnewview" )
|
||||
{
|
||||
@ -437,7 +443,7 @@ if ( isset($_POST['op']) )
|
||||
DB_FreeQuery($result);
|
||||
|
||||
// Do the final redirect
|
||||
RedirectResult( GetAndReplaceLangStr( $content['LN_VIEWS_HASBEENADDED'], $content['DisplayName'] ) , "views.php" );
|
||||
RedirectResult( GetAndReplaceLangStr( $content['LN_VIEWS_HASBEENADDED'], DB_StripSlahes($content['DisplayName']) ) , "views.php" );
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -447,6 +453,9 @@ if ( isset($_POST['op']) )
|
||||
}
|
||||
else if ( $_POST['op'] == "editview" )
|
||||
{
|
||||
// Now we convert fr DB insert!
|
||||
$content['DisplayName'] = DB_RemoveBadChars($_POST['DisplayName']);
|
||||
|
||||
$result = DB_Query("SELECT ID FROM " . DB_VIEWS . " WHERE ID = " . $content['VIEWID']);
|
||||
$myrow = DB_GetSingleRow($result, true);
|
||||
if ( !isset($myrow['ID']) )
|
||||
@ -480,7 +489,7 @@ if ( isset($_POST['op']) )
|
||||
DB_FreeQuery($result);
|
||||
|
||||
// Done redirect!
|
||||
RedirectResult( GetAndReplaceLangStr( $content['LN_VIEWS_HASBEENEDIT'], $content['DisplayName']) , "views.php" );
|
||||
RedirectResult( GetAndReplaceLangStr( $content['LN_VIEWS_HASBEENEDIT'], DB_StripSlahes($content['DisplayName']) ) , "views.php" );
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
@ -211,7 +211,7 @@ else if ( $content['CONVERT_STEP'] == 4 )
|
||||
if ( isset($_GET['errormsg']) )
|
||||
{
|
||||
$content['iserror'] = "true";
|
||||
$content['errormsg'] = DB_RemoveBadChars( urldecode($_GET['errormsg']) );
|
||||
$content['errormsg'] = DB_StripSlahes( urldecode($_GET['errormsg']) );
|
||||
}
|
||||
}
|
||||
else if ( $content['CONVERT_STEP'] == 5 )
|
||||
|
||||
@ -1347,44 +1347,44 @@ function PrintSecureUserCheck( $warningtext, $yesmsg, $nomsg )
|
||||
exit;
|
||||
}
|
||||
|
||||
function SaveGeneralSettingsIntoDB()
|
||||
function SaveGeneralSettingsIntoDB($bForceStripSlahes = false)
|
||||
{
|
||||
WriteConfigValue( "ViewDefaultLanguage", true );
|
||||
WriteConfigValue( "ViewDefaultTheme", true );
|
||||
WriteConfigValue( "ViewDefaultLanguage", true, null, null,$bForceStripSlahes );
|
||||
WriteConfigValue( "ViewDefaultTheme", true, null, null,$bForceStripSlahes );
|
||||
|
||||
WriteConfigValue( "ViewUseTodayYesterday", true );
|
||||
WriteConfigValue( "ViewEnableDetailPopups", true );
|
||||
WriteConfigValue( "EnableIPAddressResolve", true );
|
||||
WriteConfigValue( "MiscShowDebugMsg", true );
|
||||
WriteConfigValue( "MiscShowDebugGridCounter", true );
|
||||
WriteConfigValue( "MiscShowPageRenderStats", true );
|
||||
WriteConfigValue( "MiscEnableGzipCompression", true );
|
||||
WriteConfigValue( "SuppressDuplicatedMessages", true );
|
||||
WriteConfigValue( "TreatNotFoundFiltersAsTrue", true );
|
||||
WriteConfigValue( "ViewUseTodayYesterday", true, null, null,$bForceStripSlahes );
|
||||
WriteConfigValue( "ViewEnableDetailPopups", true, null, null,$bForceStripSlahes );
|
||||
WriteConfigValue( "EnableIPAddressResolve", true, null, null,$bForceStripSlahes );
|
||||
WriteConfigValue( "MiscShowDebugMsg", true, null, null,$bForceStripSlahes );
|
||||
WriteConfigValue( "MiscShowDebugGridCounter", true, null, null,$bForceStripSlahes );
|
||||
WriteConfigValue( "MiscShowPageRenderStats", true, null, null,$bForceStripSlahes );
|
||||
WriteConfigValue( "MiscEnableGzipCompression", true, null, null,$bForceStripSlahes );
|
||||
WriteConfigValue( "SuppressDuplicatedMessages", true, null, null,$bForceStripSlahes );
|
||||
WriteConfigValue( "TreatNotFoundFiltersAsTrue", true, null, null,$bForceStripSlahes );
|
||||
|
||||
WriteConfigValue( "ViewMessageCharacterLimit", true );
|
||||
WriteConfigValue( "ViewStringCharacterLimit", true );
|
||||
WriteConfigValue( "ViewEntriesPerPage", true );
|
||||
WriteConfigValue( "ViewEnableAutoReloadSeconds", true );
|
||||
WriteConfigValue( "PopupMenuTimeout", true );
|
||||
WriteConfigValue( "ViewMessageCharacterLimit", true, null, null,$bForceStripSlahes );
|
||||
WriteConfigValue( "ViewStringCharacterLimit", true, null, null,$bForceStripSlahes );
|
||||
WriteConfigValue( "ViewEntriesPerPage", true, null, null,$bForceStripSlahes );
|
||||
WriteConfigValue( "ViewEnableAutoReloadSeconds", true, null, null,$bForceStripSlahes );
|
||||
WriteConfigValue( "PopupMenuTimeout", true, null, null,$bForceStripSlahes );
|
||||
|
||||
WriteConfigValue( "PrependTitle", true );
|
||||
WriteConfigValue( "SearchCustomButtonCaption", true );
|
||||
WriteConfigValue( "SearchCustomButtonSearch", true );
|
||||
WriteConfigValue( "PrependTitle", true, null, null,$bForceStripSlahes );
|
||||
WriteConfigValue( "SearchCustomButtonCaption", true, null, null,$bForceStripSlahes );
|
||||
WriteConfigValue( "SearchCustomButtonSearch", true, null, null,$bForceStripSlahes );
|
||||
|
||||
// Extra Fields
|
||||
WriteConfigValue( "DefaultViewsID", true );
|
||||
WriteConfigValue( "DefaultSourceID", true );
|
||||
WriteConfigValue( "DefaultViewsID", true, null, null,$bForceStripSlahes );
|
||||
WriteConfigValue( "DefaultSourceID", true, null, null,$bForceStripSlahes );
|
||||
|
||||
// GLOBAL ONLY
|
||||
WriteConfigValue( "DebugUserLogin", true );
|
||||
WriteConfigValue( "MiscDebugToSyslog", true );
|
||||
WriteConfigValue( "MiscMaxExecutionTime", true );
|
||||
WriteConfigValue( "DebugUserLogin", true, null, null,$bForceStripSlahes );
|
||||
WriteConfigValue( "MiscDebugToSyslog", true, null, null,$bForceStripSlahes );
|
||||
WriteConfigValue( "MiscMaxExecutionTime", true, null, null,$bForceStripSlahes );
|
||||
|
||||
// Custom HTML Code
|
||||
WriteConfigValue( "InjectHtmlHeader", true );
|
||||
WriteConfigValue( "InjectBodyHeader", true );
|
||||
WriteConfigValue( "InjectBodyFooter", true );
|
||||
WriteConfigValue( "InjectHtmlHeader", true, null, null,$bForceStripSlahes );
|
||||
WriteConfigValue( "InjectBodyHeader", true, null, null,$bForceStripSlahes );
|
||||
WriteConfigValue( "InjectBodyFooter", true, null, null ,$bForceStripSlahes );
|
||||
}
|
||||
|
||||
function SaveUserGeneralSettingsIntoDB()
|
||||
|
||||
@ -239,17 +239,18 @@ function DB_RemoveParserSpecialBadChars($myString)
|
||||
return $returnstr;
|
||||
}
|
||||
|
||||
function DB_RemoveBadChars($myString, $dbEngine = DB_MYSQL)
|
||||
function DB_RemoveBadChars($myString, $dbEngine = DB_MYSQL, $bForceStripSlahes = false)
|
||||
{
|
||||
if ( $dbEngine == DB_MSSQL )
|
||||
{
|
||||
//TODO STRIP SLASHES ?!
|
||||
// MSSQL needs special treatment -.-
|
||||
return str_replace("'","''",$myString);
|
||||
}
|
||||
else
|
||||
{
|
||||
// Replace with internal PHP Functions!
|
||||
if ( !get_magic_quotes_gpc() )
|
||||
if ( !get_magic_quotes_gpc() || $bForceStripSlahes )
|
||||
return addslashes($myString);
|
||||
// return addcslashes($myString, "'");
|
||||
else
|
||||
@ -322,17 +323,13 @@ function DB_Exec($query)
|
||||
return false;
|
||||
}
|
||||
|
||||
function PrepareValueForDB($szValue)
|
||||
function PrepareValueForDB($szValue, $bForceStripSlahes = false)
|
||||
{
|
||||
//echo "<br>" . $szValue . "<br>!" . preg_match("/[^\\\\]['\\\\][^'\\\\]/e", $szValue, $matches) . "<br>";
|
||||
// Copy value for DB and check for BadDB Chars!
|
||||
// if ( preg_match("/(?<!\\\\)\'|\\\\\\\\/x", $szValue) ) /* OLD /(?<!\\\\)\'|(?<!\\\\)\\\\/e */
|
||||
return DB_RemoveBadChars($szValue);
|
||||
// else
|
||||
// return $szValue;
|
||||
// Wrapper for this function
|
||||
return DB_RemoveBadChars($szValue, null, $bForceStripSlahes);
|
||||
}
|
||||
|
||||
function WriteConfigValue($szPropName, $is_global = true, $userid = false, $groupid = false)
|
||||
function WriteConfigValue($szPropName, $is_global = true, $userid = false, $groupid = false, $bForceStripSlahes = false)
|
||||
{
|
||||
global $content;
|
||||
|
||||
@ -346,7 +343,7 @@ function WriteConfigValue($szPropName, $is_global = true, $userid = false, $grou
|
||||
if ( isset($content[$szPropName]) )
|
||||
{
|
||||
// Copy value for DB and check for BadDB Chars!
|
||||
$szDbValue = PrepareValueForDB( $content[$szPropName] );
|
||||
$szDbValue = PrepareValueForDB( $content[$szPropName], $bForceStripSlahes );
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -387,7 +384,7 @@ function WriteConfigValue($szPropName, $is_global = true, $userid = false, $grou
|
||||
if ( isset($USERCFG[$szPropName]) )
|
||||
{
|
||||
// Copy value for DB and check for BadDB Chars!
|
||||
$szDbValue = PrepareValueForDB( $USERCFG[$szPropName] );
|
||||
$szDbValue = PrepareValueForDB( $USERCFG[$szPropName], $bForceStripSlahes );
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
@ -84,7 +84,7 @@ function ConvertGeneralSettings()
|
||||
global $content;
|
||||
|
||||
// Only call the same function as in admin index!
|
||||
SaveGeneralSettingsIntoDB();
|
||||
SaveGeneralSettingsIntoDB(true);
|
||||
}
|
||||
|
||||
/*
|
||||
|
||||
@ -73,7 +73,7 @@
|
||||
<td align="right" class="line1" width="350"><input type="text" name="DisplayName" size="55" maxlength="255" value="{DisplayName}"></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td align="left" class="cellmenu2"><b>{LN_GEN_USERONLY}</b></td>
|
||||
<td align="left" class="cellmenu2"><b>{LN_SEARCH_QUERY}</b></td>
|
||||
<td align="right" class="line2"><input type="text" name="SearchQuery" size="55" maxlength="1024" value="{SearchQuery}"></td>
|
||||
</tr>
|
||||
<tr>
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user