diff --git a/www-ssl/inc/funktion_db.php b/www-ssl/inc/funktion_db.php
index 06decc47..0c54c2d3 100644
--- a/www-ssl/inc/funktion_db.php
+++ b/www-ssl/inc/funktion_db.php
@@ -31,7 +31,7 @@ if( !function_exists("db_query"))
function db_query( $SQL, $comment)
{
- global $con;
+ global $con, $Page;
//commed anlyse udn daten sicherung
$Diff = "";
@@ -41,6 +41,9 @@ if( !function_exists("db_query"))
$Table_Start = strpos( $SQL, "`");
$Table_End = strpos( $SQL, "`", $Table_Start+1);
$Table = substr( $SQL, $Table_Start, ($Table_End-$Table_Start+1));
+
+ //SecureTest
+ if( $Table_Start == 0 || $Table_End == 0) die("
funktion_db ERROR SQL: '$SQL' nicht OK
");
//WHERE ermitteln
$Where_Start = strpos( $SQL, "WHERE");
@@ -79,19 +82,19 @@ if( !function_exists("db_query"))
}
//abschneiden wenn zu lang
- if( strlen( $Diff) > 5120) $Diff = "too mutch (len ". strlen( $Diff). ")";
+ if( strlen( $Where) < 2) $Diff = "can't show, too mutch data (no filter was set)";
+// if( strlen( $Diff) > 5120) $Diff = "too mutch (len ". strlen( $Diff). "bytes)";
+ $SQLCommand = "SQL:
". htmlentities( $SQL, ENT_QUOTES). "
Diff:
$Diff";
+ $Commend = htmlentities( ($Page["Name"]. ": ". $comment), ENT_QUOTES);
//LOG commands in DB
$SQL_SEC = "INSERT INTO `ChangeLog` ( `UID` , `SQLCommad` , `Commend` ) ".
" VALUES ( ".
"'". $_SESSION['UID']. "', ".
- "'SQL:
". htmlentities( $SQL, ENT_QUOTES). "
".
- "Diff:
$Diff', ".
- "'". htmlentities( $comment, ENT_QUOTES). "' );";
+ "'". mysql_escape_string( $SQLCommand). "', ".
+ "'". mysql_escape_string( $Commend). "' );";
$erg = mysql_query($SQL_SEC, $con);
-echo "##$erg";
echo mysql_error($con);
-echo "##";
return $querry_erg;
}//function db_query(
}
diff --git a/www-ssl/inc/header.php b/www-ssl/inc/header.php
index 8d5a1341..c7c13957 100755
--- a/www-ssl/inc/header.php
+++ b/www-ssl/inc/header.php
@@ -2,7 +2,7 @@
include ("./inc/config.php");
include ("./inc/db.php");
include ("./inc/funktion_lang.php");
-include("./inc/funktion_menu.php");
+include ("./inc/funktion_menu.php");
session_start();
include ("./inc/secure.php");
/*if ( (!IsSet($_SESSION['UID'])) && (strstr ($_SERVER['PHP_SELF'], "nonpublic") !="" ) ) {