diff options
Diffstat (limited to 'ocsinventory-deprecated.patch')
-rw-r--r-- | ocsinventory-deprecated.patch | 78 |
1 files changed, 78 insertions, 0 deletions
diff --git a/ocsinventory-deprecated.patch b/ocsinventory-deprecated.patch new file mode 100644 index 0000000..de46c86 --- /dev/null +++ b/ocsinventory-deprecated.patch @@ -0,0 +1,78 @@ +diff -up ocsreports/plugins/main_sections/ms_dict/ms_dict.php.orig ocsreports/plugins/main_sections/ms_dict/ms_dict.php +--- ocsreports/plugins/main_sections/ms_dict/ms_dict.php.orig 2011-11-28 17:54:50.000000000 +0100 ++++ ocsreports/plugins/main_sections/ms_dict/ms_dict.php 2011-11-28 17:55:45.000000000 +0100 +@@ -37,8 +37,8 @@ if ($protectedPost['RESET']=="RESET") + unset($protectedPost['search']); + //filtre + if ($protectedPost['search']){ +- $search_cache=" and cache.name like '%".mysql_escape_string($protectedPost['search'])."%' "; +- $search_count=" and extracted like '%".mysql_escape_string($protectedPost['search'])."%' "; ++ $search_cache=" and cache.name like '%".mysql_real_escape_string($protectedPost['search'])."%' "; ++ $search_count=" and extracted like '%".mysql_real_escape_string($protectedPost['search'])."%' "; + } + else{ + $search=""; +@@ -123,7 +123,7 @@ if ($protectedPost['onglet'] == 'CAT'){ + } + $querydico=substr($querydico,0,-1); + $querydico .= " from dico_soft left join ".$table." cache on dico_soft.extracted=cache.name +- where formatted='".mysql_escape_string($list_cat[$protectedPost['onglet_soft']])."' ".$search_count." group by EXTRACTED"; ++ where formatted='".mysql_real_escape_string($list_cat[$protectedPost['onglet_soft']])."' ".$search_count." group by EXTRACTED"; + } + /*******************************************************CAS OF NEW*******************************************************/ + if ($protectedPost['onglet'] == 'NEW'){ +@@ -311,4 +311,4 @@ echo "<input type='hidden' name='RESET' + echo "<input type='hidden' name='TRANS' id='TRANS' value=''>"; + echo "<input type='hidden' name='SUP_CAT' id='SUP_CAT' value=''>"; + echo "</form>"; +-?> +\ Pas de fin de ligne à la fin du fichier. ++?> +diff -up ocsreports/require/function_dico.php.orig ocsreports/require/function_dico.php +--- ocsreports/require/function_dico.php.orig 2011-11-28 17:56:55.000000000 +0100 ++++ ocsreports/require/function_dico.php 2011-11-28 17:57:01.000000000 +0100 +@@ -46,7 +46,7 @@ function trans($onglet,$list_soft,$affec + $table="softwares"; + //verif is this cat exist + if ($new_cat != ''){ +- $sql_verif="select extracted from dico_soft where formatted ='".mysql_escape_string($new_cat)."'"; ++ $sql_verif="select extracted from dico_soft where formatted ='".mysql_real_escape_string($new_cat)."'"; + $result_search_soft = mysql_query( $sql_verif, $_SESSION['OCS']["readServer"]); + $item_search_soft = mysql_fetch_object($result_search_soft); + if (isset($item_search_soft->extracted) or $new_cat == "IGNORED" or $new_cat == "UNCHANGED"){ +@@ -71,10 +71,10 @@ function trans($onglet,$list_soft,$affec + }elseif($exist_cat == "UNCHANGED"){ + $sql="insert dico_soft (extracted,formatted) select distinct NAME,NAME from ".$table." where ID in (".implode(",",$list_soft).")"; + }else +- $sql="insert dico_soft (extracted,formatted) select distinct NAME,'".mysql_escape_string($exist_cat)."' from ".$table." where ID in (".implode(",",$list_soft).")"; ++ $sql="insert dico_soft (extracted,formatted) select distinct NAME,'".mysql_real_escape_string($exist_cat)."' from ".$table." where ID in (".implode(",",$list_soft).")"; + }else{ + if (!isset($already_exist)){ +- $sql="insert dico_soft (extracted,formatted) select distinct NAME,'".mysql_escape_string($new_cat)."' from ".$table." where ID in (".implode(",",$list_soft).")"; ++ $sql="insert dico_soft (extracted,formatted) select distinct NAME,'".mysql_real_escape_string($new_cat)."' from ".$table." where ID in (".implode(",",$list_soft).")"; + }else + echo "<script>alert('".$l->g(771)."')</script>"; + } +diff -up ocsreports/require/function_table_html.php.orig ocsreports/require/function_table_html.php +--- ocsreports/require/function_table_html.php.orig 2011-11-28 17:57:10.000000000 +0100 ++++ ocsreports/require/function_table_html.php 2011-11-28 17:57:38.000000000 +0100 +@@ -163,7 +163,7 @@ function escape_string($array){ + function xml_escape_string($array){ + foreach ($array as $key=>$value){ + $trait_array[$key]=xml_encode($value); +- //$trait_array[$key]=mysql_escape_string($value); ++ //$trait_array[$key]=mysql_real_escape_string($value); + } + return ($trait_array); + } +@@ -801,8 +801,8 @@ function onglet($def_onglets,$form_name, + $current=1; + } + }else{ +- //echo "<script>alert('".mysql_escape_string(stripslashes($protectedPost[$post_name]))." => ".$key."')</script>"; +- if (mysql_escape_string(stripslashes($protectedPost[$post_name])) === mysql_escape_string(stripslashes($key)) or (!isset($protectedPost[$post_name]) and $current != 1)){ ++ //echo "<script>alert('".mysql_real_escape_string(stripslashes($protectedPost[$post_name]))." => ".$key."')</script>"; ++ if (mysql_real_escape_string(stripslashes($protectedPost[$post_name])) === mysql_real_escape_string(stripslashes($key)) or (!isset($protectedPost[$post_name]) and $current != 1)){ + echo "id='current'"; + $current=1; + } |