[syslog] Fixed sql injection prevention

author: Jannik Schönartz 2017-11-23 15:06:38 +0100
committer: Jannik Schönartz 2017-11-23 15:06:38 +0100
commit: c3693e94fbbdefb9f84f633fc0efadfd2324bbf0 (patch)
tree: 6559c9a1af2a9b0e0be530c6af52141c74871d7e /modules-available/syslog
parent: [syslog] Added sql injection prevention (diff)
download: slx-admin-c3693e94fbbdefb9f84f633fc0efadfd2324bbf0.tar.gz
slx-admin-c3693e94fbbdefb9f84f633fc0efadfd2324bbf0.tar.xz
slx-admin-c3693e94fbbdefb9f84f633fc0efadfd2324bbf0.zip
1 files changed, 1 insertions, 2 deletions
diff --git a/modules-available/syslog/page.inc.php b/modules-available/syslog/page.inc.php
index e026107f..927a3adf 100644
--- a/modules-available/syslog/page.inc.php
+++ b/modules-available/syslog/page.inc.php
@@ -55,8 +55,7 @@ class Page_SysLog extends Page
 			else
 				$whereClause .= ' AND ';
 
-			   $muid = Request::get('machineuid', '', string);
-				$whereClause .= "machineuuid='" . $muid . "'";
+				$whereClause .= "machineuuid='" . preg_replace('/[^0-9a-zA-Z\-]/', '', Request::get('machineuuid', '', 'string')) . "'";
 		}
 		$today = date('d.m.Y');
 		$yesterday = date('d.m.Y', time() - 86400);
author	Jannik Schönartz	2017-11-23 15:06:38 +0100
committer	Jannik Schönartz	2017-11-23 15:06:38 +0100
commit	c3693e94fbbdefb9f84f633fc0efadfd2324bbf0 (patch)
tree	6559c9a1af2a9b0e0be530c6af52141c74871d7e /modules-available/syslog
parent	[syslog] Added sql injection prevention (diff)
download	slx-admin-c3693e94fbbdefb9f84f633fc0efadfd2324bbf0.tar.gz slx-admin-c3693e94fbbdefb9f84f633fc0efadfd2324bbf0.tar.xz slx-admin-c3693e94fbbdefb9f84f633fc0efadfd2324bbf0.zip