Sanitize log entries

6ab0dff2 · Peter Rotich · ea1ed4f6 · 6ab0dff2
Commit 6ab0dff2 authored 11 years ago by Peter Rotich
--- a/include/class.osticket.php
+++ b/include/class.osticket.php
@@ -297,11 +297,11 @@ class osTicket {

        //Save log based on system log level settings.
        $loglevel=array(1=>'Error','Warning','Debug');
-        $sql='INSERT INTO '.SYSLOG_TABLE.' SET created=NOW(), updated=NOW() '.
-            ',title='.db_input($title).
-            ',log_type='.db_input($loglevel[$level]).
-            ',log='.db_input($message).
-            ',ip_address='.db_input($_SERVER['REMOTE_ADDR']);
+        $sql='INSERT INTO '.SYSLOG_TABLE.' SET created=NOW(), updated=NOW() '
+            .',title='.db_input(Format::sanitize($title, true))
+            .',log_type='.db_input($loglevel[$level])
+            .',log='.db_input(Format::sanitize($message, false))
+            .',ip_address='.db_input($_SERVER['REMOTE_ADDR']);

        db_query($sql, false);