From b02da95c2f100ace5c710b76d9b585217dbd0ce6 Mon Sep 17 00:00:00 2001
From: Roland Rusch
Date: Wed, 19 Jul 2023 15:18:04 +0200
Subject: [PATCH] #12 Logfile::addLogFile() does not escape the given parameters
---
 www/pages/logfile.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/www/pages/logfile.php b/www/pages/logfile.php
index 4fe1a54e..0271a4c1 100644
--- a/www/pages/logfile.php
+++ b/www/pages/logfile.php
@@ -254,11 +254,14 @@ class Logfile {
 }
 }
 if(is_array($meldung)) {
- $meldung = $this->app->DB->real_escape_string(print_r($meldung, true));
+ $meldung = print_r($meldung, true);
 }
- // Quick fix
- $dump = $this->app->DB->real_escape_string(print_r($dump, true));
+ $module = $this->app->DB->real_escape_string($module);
+ $action = $this->app->DB->real_escape_string($action);
+ $meldung = $this->app->DB->real_escape_string($meldung);
+ $dump = $this->app->DB->real_escape_string($dump);
+ $functionname = $this->app->DB->real_escape_string($functionname);
 $this->app->DB->Insert(
 sprintf(
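Review bot: The new `$dump` line drops the `print_r($dump, true)` that the removed "Quick fix" line applied, so an array or object passed as `$dump` now reaches `real_escape_string()` unconverted; depending on how the DB wrapper handles non-strings, this would either raise a type error or store the literal `Array`, and the log entry loses its detail. Unless code above the hunk already normalises `$dump`, keep the conversion ahead of the escaping block, e.g. `if(!is_string($dump)) { $dump = print_r($dump, true); }`. The same gap exists for `$meldung` when it is an object, because only `is_array()` is checked before it is escaped. Escaping also protects the insert only if every placeholder in the `sprintf()` query is wrapped in quotes; that format string, like the start and end of the method, lies outside the hunk and should be confirmed there, and a prepared statement would remove the dependency if the wrapper offers one.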