Project

General

Profile

Bug #9776

Wrong function in squidguard_log.php

Added by 2S Suchorski GAPLS 27 days ago. Updated 27 days ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
squidguard
Target version:
-
Start date:
09/20/2019
Due date:
% Done:

0%

Estimated time:
Affected Version:
Affected Architecture:

Description

There is an error on squidguard_log.php
This function needs to be changed

function squidguard_prepfor_JS($cont) {
        # replace for JS
        $cont = str_replace("\n", "\\n", $cont);
        $cont = str_replace("\r", "\\r", $cont);
        $cont = str_replace("\t", "\\t", $cont);
        $cont = str_replace("\"", "\'",  $cont);
        $cont = str_replace("'", "\'",  $cont);
        return $cont;
}

The $cont = str_replace("'", "'", $cont); needs to be before the $cont = str_replace(""", "'", $cont);
Because if the replace of ' to \' before the " to \' will cause a ' to be changed to \\' and will generate an html with ' inside ' without escape.
This causes to config files with ' to not be displayed when we change the view to show the config file

History

#1 Updated by Jim Pingle 27 days ago

  • Category set to squidguard

Also available in: Atom PDF