Merge pull request #657 from protich/issue/logs

Sanitize log entries Reviewed-With: Jared Hancock <jared@osticket.com>

Merge pull request #657 from protich/issue/logs
Sanitize log entries Reviewed-With: Jared Hancock <jared@osticket.com>
e0d21fb0 · Peter Rotich · df26c4e2 · 6ab0dff2 · e0d21fb0
Commit e0d21fb0 authored 11 years ago by Peter Rotich
--- a/include/class.osticket.php
+++ b/include/class.osticket.php
@@ -297,11 +297,11 @@ class osTicket {

        //Save log based on system log level settings.
        $loglevel=array(1=>'Error','Warning','Debug');
-        $sql='INSERT INTO '.SYSLOG_TABLE.' SET created=NOW(), updated=NOW() '.
-            ',title='.db_input($title).
-            ',log_type='.db_input($loglevel[$level]).
-            ',log='.db_input($message).
-            ',ip_address='.db_input($_SERVER['REMOTE_ADDR']);
+        $sql='INSERT INTO '.SYSLOG_TABLE.' SET created=NOW(), updated=NOW() '
+            .',title='.db_input(Format::sanitize($title, true))
+            .',log_type='.db_input($loglevel[$level])
+            .',log='.db_input(Format::sanitize($message, false))
+            .',ip_address='.db_input($_SERVER['REMOTE_ADDR']);

        db_query($sql, false);