tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Solved problems with single quotes when download UM messages

This commit is contained in:
fermin831 2016-06-17 12:34:07 +02:00
parent db89ef2861
commit 8c4a41d504
3 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pandora_console/general/last_message.php
View File

@ -44,10 +44,10 @@ if (is_ajax()) {
// Prints first step pandora registration // Prints first step pandora registration
echo '<div id="message_id_dialog" title="' . echo '<div id="message_id_dialog" title="' .
'[' . $message["svn_version"] . '] ' . $message['db_field_value'] . '">'; io_safe_output($message['db_field_value']) . '">';
echo '<div>'; echo '<div>';
echo $message["data"]; echo io_safe_output_html($message["data"]);
echo '</div>'; echo '</div>';
echo '</div>'; echo '</div>';

2
pandora_console/godmode/update_manager/update_manager.messages.php
View File

@ -144,7 +144,7 @@ if ($total_messages){
$data[1] = $message['svn_version']; $data[1] = $message['svn_version'];
$table->cellclass[count($table->data)][1] = 'um_individual_info'; $table->cellclass[count($table->data)][1] = 'um_individual_info';
$data[2] = $message['db_field_value']; $data[2] = io_safe_output($message['db_field_value']);
$table->cellclass[count($table->data)][2] = 'um_individual_subject'; $table->cellclass[count($table->data)][2] = 'um_individual_subject';

7
pandora_console/include/functions_update_manager.php
View File

@ -524,6 +524,7 @@ function update_manager_register_instance () {
} }
function update_manager_download_messages () { function update_manager_download_messages () {
include_once ("include/functions_io.php");
global $config; global $config;
if (!isset ($config['pandora_uid'])) return; if (!isset ($config['pandora_uid'])) return;
@ -554,9 +555,11 @@ function update_manager_download_messages () {
if ($message['success'] == 1) { if ($message['success'] == 1) {
foreach ($message['messages'] as $single_message) { foreach ($message['messages'] as $single_message) {
// Convert subject -> db_field_value; message_html -> data; expiration -> filename; message_id -> svn_version // Convert subject -> db_field_value; message_html -> data; expiration -> filename; message_id -> svn_version
$single_message['db_field_value'] = $single_message['subject']; $single_message['db_field_value'] = io_safe_input($single_message['subject']);
unset ($single_message['subject']); unset ($single_message['subject']);
$single_message['data'] = $single_message['message_html']; $single_message['data'] = io_safe_input_html($single_message['message_html']);
// It is mandatory to prepend a backslash to all single quotes
$single_message['data'] = preg_replace ('/\'/','\\\'', $single_message['data']);
unset ($single_message['message_html']); unset ($single_message['message_html']);
$single_message['filename'] = $single_message['expiration']; $single_message['filename'] = $single_message['expiration'];
unset ($single_message['expiration']); unset ($single_message['expiration']);