Fixed Cross Site Scripting Issue

In index.php/detail.php for stringtype fields
Andre Lorbach 2014-09-01 16:37:46 +02:00
parent 753ce6bb2e
commit 30f621a49f
3 changed files with 5 additions and 3 deletions


@ -1,9 +1,11 @@
---------------------------------------------------------------------------
Version 3.6.6 (stable), 2014-??-??
Version 3.6.6 (stable), 2014-09-01
- Fixed bug in databasemapping admin. The form parameter and database
fieldname of EventID field were interfering.
- Fixed a bug in maintenance.php, the ID parameter was forced to
an integer. A leftover from earlier loganalyzer days.
- Fixed Cross Site Scripting Issue in index.php/detail.php for
stringtype fields.
---------------------------------------------------------------------------
Version 3.6.5 (stable), 2013-10-08
- LogStreamDB Driver, LogStreamPDO Driver, UserDB:


@ -286,7 +286,7 @@ if ( isset($content['Sources'][$currentSourceID]) ) // && $content['uid_current'
if ( $mycolkey == SYSLOG_MESSAGE )
$content['fields'][$mycolkey]['fieldvalue'] = ReplaceLineBreaksInString( GetStringWithHTMLCodes($logArray[$mycolkey]) );
else // kindly copy!
$content['fields'][$mycolkey]['fieldvalue'] = ReplaceLineBreaksInString( $logArray[$mycolkey] );
$content['fields'][$mycolkey]['fieldvalue'] = ReplaceLineBreaksInString( GetStringWithHTMLCodes($logArray[$mycolkey]) );
// --- HOOK here to add context links!
AddContextLinks($content['fields'][$mycolkey]['fieldvalue']);
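Review bot: After this change the `if ( $mycolkey == SYSLOG_MESSAGE )` and `else // kindly copy!` branches assign exactly the same expression, so the conditional no longer distinguishes anything and invites a later edit that reopens the unencoded path in one branch only. Collapsing it to a single `$content['fields'][$mycolkey]['fieldvalue'] = ReplaceLineBreaksInString( GetStringWithHTMLCodes($logArray[$mycolkey]) );` with a comment such as `// encode every string field before AddContextLinks() runs on it` would make the rule explicit. The enclosing field-type handling starts outside this hunk, so whether values of other field types reach the template encoded cannot be confirmed from here and is worth checking in the same pass.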


@ -573,7 +573,7 @@ if ( isset($content['Sources'][$currentSourceID]) )
// ---
}
else // Just set field value
$content['syslogmessages'][$counter]['values'][$mycolkey]['messagesdetails'][$myIndex]['detailfieldvalue'] = isset($myfield['rawfieldvalue']) ? $myfield['rawfieldvalue'] : $myfield['fieldvalue'];
$content['syslogmessages'][$counter]['values'][$mycolkey]['messagesdetails'][$myIndex]['detailfieldvalue'] = isset($myfield['rawfieldvalue']) ? GetStringWithHTMLCodes($myfield['rawfieldvalue']) : GetStringWithHTMLCodes($myfield['fieldvalue']);
}
}
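Review bot: The fallback `$myfield['fieldvalue']` is now encoded here as well, and this hunk does not show whether that value is still raw at this point. If it was already encoded or decorated earlier in the loop (the existence of a separate `rawfieldvalue` suggests it may be), the details view would display double-encoded entities. The call is also duplicated across both arms of the ternary, which is easy to unbalance later; `GetStringWithHTMLCodes( isset($myfield['rawfieldvalue']) ? $myfield['rawfieldvalue'] : $myfield['fieldvalue'] )` keeps a single encoding point. The `if` branch that this `else // Just set field value` belongs to lies outside the hunk, so it should be confirmed that the value it assigns to `detailfieldvalue` is encoded too.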