From 8e234a05a233440706891984a170cbd5008c80e7 Mon Sep 17 00:00:00 2001
From: Remi Collet <fedora@famillecollet.com>
Date: Mon, 28 Nov 2011 18:09:06 +0100
Subject: ocsinventory 2.0.3

---
 ocsinventory-deprecated.patch | 78 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 78 insertions(+)
 create mode 100644 ocsinventory-deprecated.patch

(limited to 'ocsinventory-deprecated.patch')

diff --git a/ocsinventory-deprecated.patch b/ocsinventory-deprecated.patch
new file mode 100644
index 0000000..de46c86
--- /dev/null
+++ b/ocsinventory-deprecated.patch
@@ -0,0 +1,78 @@
+diff -up ocsreports/plugins/main_sections/ms_dict/ms_dict.php.orig ocsreports/plugins/main_sections/ms_dict/ms_dict.php
+--- ocsreports/plugins/main_sections/ms_dict/ms_dict.php.orig	2011-11-28 17:54:50.000000000 +0100
++++ ocsreports/plugins/main_sections/ms_dict/ms_dict.php	2011-11-28 17:55:45.000000000 +0100
+@@ -37,8 +37,8 @@ if ($protectedPost['RESET']=="RESET")
+ unset($protectedPost['search']);
+ //filtre
+ if ($protectedPost['search']){
+-	$search_cache=" and cache.name like '%".mysql_escape_string($protectedPost['search'])."%' ";
+-	$search_count=" and extracted like '%".mysql_escape_string($protectedPost['search'])."%' ";
++	$search_cache=" and cache.name like '%".mysql_real_escape_string($protectedPost['search'])."%' ";
++	$search_count=" and extracted like '%".mysql_real_escape_string($protectedPost['search'])."%' ";
+ }
+ else{
+ 	$search="";
+@@ -123,7 +123,7 @@ if ($protectedPost['onglet'] == 'CAT'){
+ 		} 
+ 		$querydico=substr($querydico,0,-1);
+ 		$querydico .= " from dico_soft left join ".$table." cache on dico_soft.extracted=cache.name
+-				 where formatted='".mysql_escape_string($list_cat[$protectedPost['onglet_soft']])."' ".$search_count." group by EXTRACTED";
++				 where formatted='".mysql_real_escape_string($list_cat[$protectedPost['onglet_soft']])."' ".$search_count." group by EXTRACTED";
+ }
+ /*******************************************************CAS OF NEW*******************************************************/
+ if ($protectedPost['onglet'] == 'NEW'){
+@@ -311,4 +311,4 @@ echo "<input type='hidden' name='RESET' 
+ echo "<input type='hidden' name='TRANS' id='TRANS' value=''>";
+ echo "<input type='hidden' name='SUP_CAT' id='SUP_CAT' value=''>";
+ echo "</form>";
+-?>
+\ Pas de fin de ligne à la fin du fichier.
++?>
+diff -up ocsreports/require/function_dico.php.orig ocsreports/require/function_dico.php
+--- ocsreports/require/function_dico.php.orig	2011-11-28 17:56:55.000000000 +0100
++++ ocsreports/require/function_dico.php	2011-11-28 17:57:01.000000000 +0100
+@@ -46,7 +46,7 @@ function trans($onglet,$list_soft,$affec
+ 	$table="softwares";
+ 	//verif is this cat exist
+ 	if ($new_cat != ''){
+-		$sql_verif="select extracted from dico_soft where formatted ='".mysql_escape_string($new_cat)."'";
++		$sql_verif="select extracted from dico_soft where formatted ='".mysql_real_escape_string($new_cat)."'";
+ 		$result_search_soft = mysql_query( $sql_verif, $_SESSION['OCS']["readServer"]);
+ 	 	$item_search_soft = mysql_fetch_object($result_search_soft);
+ 	 	if (isset($item_search_soft->extracted) or $new_cat == "IGNORED" or $new_cat == "UNCHANGED"){
+@@ -71,10 +71,10 @@ function trans($onglet,$list_soft,$affec
+ 				}elseif($exist_cat == "UNCHANGED"){
+ 					$sql="insert dico_soft (extracted,formatted) select distinct NAME,NAME from ".$table." where ID in (".implode(",",$list_soft).")";			
+ 				}else
+-					$sql="insert dico_soft (extracted,formatted) select distinct NAME,'".mysql_escape_string($exist_cat)."' from ".$table." where ID in (".implode(",",$list_soft).")";
++					$sql="insert dico_soft (extracted,formatted) select distinct NAME,'".mysql_real_escape_string($exist_cat)."' from ".$table." where ID in (".implode(",",$list_soft).")";
+ 		}else{
+ 		 	if (!isset($already_exist)){
+-		 		$sql="insert dico_soft (extracted,formatted) select distinct NAME,'".mysql_escape_string($new_cat)."' from ".$table." where ID in (".implode(",",$list_soft).")";
++		 		$sql="insert dico_soft (extracted,formatted) select distinct NAME,'".mysql_real_escape_string($new_cat)."' from ".$table." where ID in (".implode(",",$list_soft).")";
+ 		 	}else
+ 		 		echo "<script>alert('".$l->g(771)."')</script>";			
+ 		}
+diff -up ocsreports/require/function_table_html.php.orig ocsreports/require/function_table_html.php
+--- ocsreports/require/function_table_html.php.orig	2011-11-28 17:57:10.000000000 +0100
++++ ocsreports/require/function_table_html.php	2011-11-28 17:57:38.000000000 +0100
+@@ -163,7 +163,7 @@ function escape_string($array){
+ function xml_escape_string($array){
+ 	foreach ($array as $key=>$value){
+ 		$trait_array[$key]=xml_encode($value);
+-		//$trait_array[$key]=mysql_escape_string($value);
++		//$trait_array[$key]=mysql_real_escape_string($value);
+ 	}
+ 	return ($trait_array);
+ }
+@@ -801,8 +801,8 @@ function onglet($def_onglets,$form_name,
+ 	 		 $current=1;
+ 			}
+ 	  	}else{
+-	  		//echo "<script>alert('".mysql_escape_string(stripslashes($protectedPost[$post_name]))." => ".$key."')</script>";
+-			if (mysql_escape_string(stripslashes($protectedPost[$post_name])) === mysql_escape_string(stripslashes($key)) or (!isset($protectedPost[$post_name]) and $current != 1)){
++	  		//echo "<script>alert('".mysql_real_escape_string(stripslashes($protectedPost[$post_name]))." => ".$key."')</script>";
++			if (mysql_real_escape_string(stripslashes($protectedPost[$post_name])) === mysql_real_escape_string(stripslashes($key)) or (!isset($protectedPost[$post_name]) and $current != 1)){
+ 				 echo "id='current'";  
+ 	 			 $current=1;
+ 			}
-- 
cgit