Stop double escaping the notes post variable. #3149

Merged
merged 1 commit into from Mar 3, 2016

Projects

None yet

3 participants

@khobbits
Contributor
khobbits commented Mar 3, 2016

Patch the symptom not the problem!

Looks like we are using 'mres' to escape variables on user input, but also escaping them down in dbFacile. This means certain characters will be double escaped and will be converted to plain text.

This was tested with dbFacile.mysqli, not db.Facile.mysql.

We should probably go through the code base and tidy up other instances of double escaping, but it will usually only be apparent when allowing users to input text into free text areas.

@khobbits khobbits Stop double escaping the notes post variable
c321d4e
@laf laf merged commit 833b169 into librenms:master Mar 3, 2016

2 checks passed

Auto-Deploy Build finished. No test results found.
Details
Scrutinizer No new issues
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment