diff --git a/www-ssl/inc/funktion_db.php b/www-ssl/inc/funktion_db.php
index 06decc47..0c54c2d3 100644
--- a/www-ssl/inc/funktion_db.php
+++ b/www-ssl/inc/funktion_db.php
@@ -31,7 +31,7 @@ if( !function_exists("db_query"))
 function db_query( $SQL, $comment) {
- global $con;
+ global $con, $Page;
 //commed anlyse udn daten sicherung
 $Diff = "";
@@ -41,6 +41,9 @@ if( !function_exists("db_query"))
 $Table_Start = strpos( $SQL, "`");
 $Table_End = strpos( $SQL, "`", $Table_Start+1);
 $Table = substr( $SQL, $Table_Start, ($Table_End-$Table_Start+1));
+
+ //SecureTest
+ if( $Table_Start == 0 || $Table_End == 0) die("
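Review bot: db_query has no docblock, and the new `global $con, $Page;` line widens its hidden dependencies without any guard: `$Page["Name"]` is dereferenced further down the function (in the hunk at line 82), so when funktion_db.php is used before `$Page` is populated the ChangeLog comment gets an empty page name plus a notice. A header comment above `function db_query( $SQL, $comment)` should state that it writes an audit row (statement, before/after diff, page name and `$comment`) into `ChangeLog`, relies on the globals `$con` and `$Page` as well as `$_SESSION['UID']`, and returns `$querry_erg` (presumably the statement's result, computed outside the visible hunks). A one-line guard such as `$PageName = isset($Page["Name"]) ? $Page["Name"] : "";` near the `global` line would make the dependency explicit. The function body continues beyond this hunk.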

funktion_db ERROR SQL: '$SQL' nicht OK

");
 //WHERE ermitteln
 $Where_Start = strpos( $SQL, "WHERE");
@@ -79,19 +82,19 @@ if( !function_exists("db_query"))
 }
 //abschneiden wenn zu lang
- if( strlen( $Diff) > 5120) $Diff = "too mutch (len ". strlen( $Diff). ")";
+ if( strlen( $Where) < 2) $Diff = "can't show, too mutch data (no filter was set)";
+// if( strlen( $Diff) > 5120) $Diff = "too mutch (len ". strlen( $Diff). "bytes)";
+ $SQLCommand = "SQL:
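Review bot: The new "SecureTest" guard compares `strpos()` results with `== 0`, so a backtick at offset 0 is treated like "not found" while a missing second backtick (`$Table_End === false`) is only caught through loose `false == 0`; write it as `if( $Table_Start === false || $Table_End === false) die(...)` and place it directly after `$Table_Start` is computed, before `$Table_End` and the `substr()` use the offset. The `die()` message also interpolates the raw statement (`'$SQL'`) into the response, so whatever the caller put into the query, including request-derived values, is echoed unescaped and the full statement is disclosed to the browser; wrap it in `htmlentities( $SQL, ENT_QUOTES)` as the logging code already does, or better log it server-side and emit a generic error. Aborting with `die()` here also means the failed statement never reaches the `ChangeLog` audit row that the rest of the function writes. The function body continues beyond this hunk.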
". htmlentities( $SQL, ENT_QUOTES). "

Diff:
$Diff";
+ $Commend = htmlentities( ($Page["Name"]. ": ". $comment), ENT_QUOTES);
 //LOG commands in DB
 $SQL_SEC = "INSERT INTO `ChangeLog` ( `UID` , `SQLCommad` , `Commend` ) ".
 " VALUES ( ".
 "'". $_SESSION['UID']. "', ".
- "'SQL:
". htmlentities( $SQL, ENT_QUOTES). "

".
- "Diff:
$Diff', ".
- "'". htmlentities( $comment, ENT_QUOTES). "' );";
+ "'". mysql_escape_string( $SQLCommand). "', ".
+ "'". mysql_escape_string( $Commend). "' );";
 $erg = mysql_query($SQL_SEC, $con);
-echo "##$erg";
 echo mysql_error($con);
-echo "##";
 return $querry_erg;
 }//function db_query(
 }
diff --git a/www-ssl/inc/header.php b/www-ssl/inc/header.php
index 8d5a1341..c7c13957 100755
--- a/www-ssl/inc/header.php
+++ b/www-ssl/inc/header.php
@@ -2,7 +2,7 @@
 include ("./inc/config.php");
 include ("./inc/db.php");
 include ("./inc/funktion_lang.php");
-include("./inc/funktion_menu.php");
+include ("./inc/funktion_menu.php");
 session_start();
 include ("./inc/secure.php");
 /*if ( (!IsSet($_SESSION['UID'])) && (strstr ($_SERVER['PHP_SELF'], "nonpublic") !="" ) ) {
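Review bot: `mysql_escape_string()` on the two new VALUES lines has been deprecated since PHP 5.3 and does not know the connection's character set, so multi-byte input can still break out of the quotes; use `mysql_real_escape_string( $SQLCommand, $con)` and `mysql_real_escape_string( $Commend, $con)`, since `$con` is already in scope. The `$_SESSION['UID']` value on the line above is still concatenated into the statement unescaped and should go through the same function rather than relying on it being numeric. Commenting out the 5120-byte cap means a filtered statement can now produce an arbitrarily large `$Diff` that is pushed into `ChangeLog`; keep the length guard alongside the new `$Where` check (`$Where` itself is assigned outside the hunk, presumably from `$Where_Start`). With the `##` debug echoes removed, the remaining `echo mysql_error($con);` still prints driver errors into the page output and probably belongs in server-side logging instead. The function body starts outside this hunk.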