Stop double escaping the notes post variable. #3149

merged 1 commit into from Mar 3, 2016


None yet

3 participants

khobbits commented Mar 3, 2016

Patch the symptom not the problem!

Looks like we are using 'mres' to escape variables on user input, but also escaping them down in dbFacile. This means certain characters will be double escaped and will be converted to plain text.

This was tested with dbFacile.mysqli, not db.Facile.mysql.

We should probably go through the code base and tidy up other instances of double escaping, but it will usually only be apparent when allowing users to input text into free text areas.

@khobbits khobbits Stop double escaping the notes post variable
@laf laf merged commit 833b169 into librenms:master Mar 3, 2016

2 checks passed

Auto-Deploy Build finished. No test results found.
Scrutinizer No new issues
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment