From c55a02f9419b8eedaeb68236187d9ad2ef25e285 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Tue, 25 Jul 2017 19:03:29 +0200
Subject: [roomplanner] Sanitize input (ASCII columns)

---
 modules-available/roomplanner/page.inc.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'modules-available')

diff --git a/modules-available/roomplanner/page.inc.php b/modules-available/roomplanner/page.inc.php
index a35023b9..4e36d3ba 100644
--- a/modules-available/roomplanner/page.inc.php
+++ b/modules-available/roomplanner/page.inc.php
@@ -88,14 +88,15 @@ class Page_Roomplanner extends Page
 if ($this->action === 'getmachines') {
 $query = Request::get('query', false, 'string');
+$aquery = preg_replace('/[^\x01-\x7f]+/', '%', $query);
 $result = Database::simpleQuery('SELECT machineuuid, macaddr, clientip, hostname '
 . 'FROM machine '
-. 'WHERE machineuuid LIKE :query '
-. ' OR macaddr LIKE :query '
-. ' OR clientip LIKE :query '
+. 'WHERE machineuuid LIKE :aquery '
+. ' OR macaddr LIKE :aquery '
+. ' OR clientip LIKE :aquery '
 . ' OR hostname LIKE :query '
-. ' LIMIT 100', ['query' => "%$query%"]);
+. ' LIMIT 100', ['query' => "%$query%", 'aquery' => "%$aquery%"]);
 $returnObject = ['machines' => []];
-- 
cgit v1.2.3-55-g7522
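Review bot: The substitution on the added `$aquery` line turns every run of non-ASCII bytes into a LIKE wildcard, so a query made only of such bytes becomes `%%%` and matches every machine (bounded only by LIMIT 100), and since neither `$query` nor `$aquery` escapes the LIKE metacharacters `%` and `_`, the pattern remains fully wildcard-controlled by the caller. If the intent is just that machineuuid, macaddr and clientip can never contain non-ASCII bytes, dropping the run (`''`) or escaping before wrapping, e.g. `$aquery = addcslashes(preg_replace('/[^\x01-\x7f]+/', '', $query), '%_\\');`, would be tighter than inserting a wildcard. A short comment above the assignment would also help, e.g. `// machineuuid/macaddr/clientip are ASCII-only columns; strip non-ASCII so those LIKEs can still match`. The hunk header counts 14/15 lines but fewer are visible, so its trailing context appears truncated, and the enclosing method of Page_Roomplanner continues outside the hunk.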