From 6ab0dff253c2e825865e3d9c91ef2cbb277b16b8 Mon Sep 17 00:00:00 2001
From: Peter Rotich <peter@enhancesoft.com>
Date: Thu, 1 Aug 2013 21:58:05 +0000
Subject: [PATCH] Sanitize log entries

---
 include/class.osticket.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/include/class.osticket.php b/include/class.osticket.php
index 671bdca4b..4b064e4ee 100644
--- a/include/class.osticket.php
+++ b/include/class.osticket.php
@@ -297,11 +297,11 @@ class osTicket {
 
         //Save log based on system log level settings.
         $loglevel=array(1=>'Error','Warning','Debug');
-        $sql='INSERT INTO '.SYSLOG_TABLE.' SET created=NOW(), updated=NOW() '.
-            ',title='.db_input($title).
-            ',log_type='.db_input($loglevel[$level]).
-            ',log='.db_input($message).
-            ',ip_address='.db_input($_SERVER['REMOTE_ADDR']);
+        $sql='INSERT INTO '.SYSLOG_TABLE.' SET created=NOW(), updated=NOW() '
+            .',title='.db_input(Format::sanitize($title, true))
+            .',log_type='.db_input($loglevel[$level])
+            .',log='.db_input(Format::sanitize($message, false))
+            .',ip_address='.db_input($_SERVER['REMOTE_ADDR']);
 
         db_query($sql, false);
 
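Review bot: The two `Format::sanitize()` calls on the `title=` and `log=` lines pass different second arguments (`true` and `false`), and nothing in the hunk says what the flag controls or why the title and the message body are treated differently. A one-line comment above the `$sql` assignment would make that reviewable, for example `// Log text can contain user-supplied markup; title and body are sanitized with different flags (see Format::sanitize).` Sanitizing at write time also means the stored row is no longer the verbatim message, and rows written before this change remain unsanitized. Whatever renders the syslog table should therefore still encode on output; that code, and any earlier use of the raw `$title`/`$message` in this method, is outside the hunk. The enclosing method starts and ends outside the hunk.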
-- 
GitLab