Hello,

I looked for a way to submit a bug report, but I didn't see any obvious
way, so I am reporting it here.

There is an error in inc/log.function.php on line 71.

Data inserted into the history log is not properly escaped, so if it
contains a single quote GLPI generates an error.

Here is a quick (but incorrect) fix: use the addslashes function to
escape the data:

$query = "INSERT INTO glpi_history
(FK_glpi_device,device_type,device_internal_type,linked_action,user_name,date_mod,id_search_option,old_value,new_value)
VALUES ('$id_device','$device_type','$device_internal_type','$linked_action','"
.addslashes($username)."','$date_mod','$id_search_option','"
.addslashes(utf8_substr($old_value,0,250))."','"
.addslashes(utf8_substr($new_value,0,250))."');";

To replicate this error, type text that contains a single quote in the
notes field and click update.

That is all,

Ryan

_______________________________________________
Glpi-dev mailing list
Glpi-dev@gna.org
https://mail.gna.org/listinfo/glpi-dev
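
The failure described in the report above, next to the same insert done with bound parameters. This is an added example, not code from the original message or from GLPI. Assumptions: PDO with an in-memory SQLite database stands in for GLPI's MySQL connection, the table is reduced to four columns, the sample values are constructed, and mb_substr (mbstring extension) stands in for GLPI's utf8_substr.

```php
<?php
// Added example. Assumptions: PDO + in-memory SQLite stand in for GLPI's MySQL
// connection; glpi_history is reduced to four of its columns.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE glpi_history (
    FK_glpi_device INTEGER, user_name TEXT, old_value TEXT, new_value TEXT)');

// Constructed input: values containing a single quote, as in the report.
$id_device = 42;
$username  = "o'brien";
$old_value = '';
$new_value = "Don't power off; it's the print server";

// 1. The pattern from the report: values interpolated into the SQL text.
$unsafe = "INSERT INTO glpi_history (FK_glpi_device,user_name,old_value,new_value)
           VALUES ('$id_device','$username','$old_value','$new_value')";
try {
    $db->exec($unsafe);
    echo "interpolated query: inserted\n";
} catch (PDOException $e) {
    // The quote closes the string literal early, so the statement fails to parse.
    echo "interpolated query: SQL error\n";
}

// 2. Bound parameters: the SQL text is fixed and the values travel separately,
//    so no escaping function is involved and quotes are stored as data.
$stmt = $db->prepare('INSERT INTO glpi_history
    (FK_glpi_device,user_name,old_value,new_value) VALUES (?,?,?,?)');
$stmt->execute([
    $id_device,
    $username,
    mb_substr($old_value, 0, 250, 'UTF-8'),  // same 250-character limit as the report
    mb_substr($new_value, 0, 250, 'UTF-8'),
]);

// Read the row back to confirm the values were stored unchanged.
$row = $db->query('SELECT user_name, new_value FROM glpi_history')
          ->fetch(PDO::FETCH_NUM);
echo "bound query stored: {$row[0]} / {$row[1]}\n";
```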
