Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
fix: added missing conversion to HTML entities
  • Loading branch information
thorsten committed Nov 1, 2022
1 parent 0f57bb0 commit 1adf42d
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 24 deletions.
14 changes: 7 additions & 7 deletions phpmyfaq/admin/stat.adminlog.php
Expand Up @@ -7,19 +7,19 @@
* v. 2.0. If a copy of the MPL was not distributed with this file, You can
* obtain one at http://mozilla.org/MPL/2.0/.
*
* @package phpMyFAQ
* @author Thorsten Rinne <thorsten@phpmyfaq.de>
* @package phpMyFAQ
* @author Thorsten Rinne <thorsten@phpmyfaq.de>
* @copyright 2003-2022 phpMyFAQ Team
* @license http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
* @link https://www.phpmyfaq.de
* @since 2003-02-23
* @license http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
* @link https://www.phpmyfaq.de
* @since 2003-02-23
*/

use phpMyFAQ\Date;
use phpMyFAQ\Filter;
use phpMyFAQ\Link;
use phpMyFAQ\Logging;
use phpMyFAQ\Pagination;
use phpMyFAQ\Strings;

if (!defined('IS_VALID_PHPMYFAQ')) {
http_response_code(400);
Expand Down Expand Up @@ -114,7 +114,7 @@
<tr>
<td><?= $loggingId ?></td>
<td><?= $date->format(date('Y-m-d H:i', $loggingValue['time'])) ?></td>
<td><?= $user->getLogin() ?></td>
<td><?= Strings::htmlentities($user->getLogin()) ?></td>
<td><?= $loggingValue['ip'] ?></td>
<td><small><?php
$text = $loggingValue['text'];
Expand Down
26 changes: 9 additions & 17 deletions phpmyfaq/src/phpMyFAQ/Logging.php
Expand Up @@ -24,10 +24,8 @@
*/
class Logging
{
/**
* @var Configuration
*/
private $config = null;
/** @var Configuration */
private Configuration $config;

/**
* Constructor.
Expand All @@ -44,16 +42,9 @@ public function __construct(Configuration $config)
*
* @return int
*/
public function getNumberOfEntries()
public function getNumberOfEntries(): int
{
$query = sprintf(
'
SELECT
id
FROM
%sfaqadminlog',
Database::getTablePrefix()
);
$query = sprintf('SELECT id FROM %sfaqadminlog', Database::getTablePrefix());

return $this->config->getDb()->numRows(
$this->config->getDb()->query($query)
Expand All @@ -65,7 +56,7 @@ public function getNumberOfEntries()
*
* @return array
*/
public function getAll()
public function getAll(): array
{
$data = [];

Expand All @@ -80,6 +71,7 @@ public function getAll()
);

$result = $this->config->getDb()->query($query);

while ($row = $this->config->getDb()->fetchObject($result)) {
$data[$row->id] = array(
'time' => $row->time,
Expand All @@ -100,7 +92,7 @@ public function getAll()
*
* @return bool
*/
public function logAdmin(User $user, $logText = '')
public function logAdmin(User $user, string $logText = ''): bool
{
if ($this->config->get('main.enableAdminLog')) {
$query = sprintf(
Expand All @@ -112,10 +104,10 @@ public function logAdmin(User $user, $logText = '')
(%d, %d, %d, '%s', '%s')",
Database::getTablePrefix(),
$this->config->getDb()->nextId(Database::getTablePrefix() . 'faqadminlog', 'id'),
$_SERVER['REQUEST_TIME'],
$this->config->getDb()->escape($_SERVER['REQUEST_TIME']),
$user->userdata->get('user_id'),
$this->config->getDb()->escape(nl2br($logText)),
$_SERVER['REMOTE_ADDR']
$this->config->getDb()->escape($_SERVER['REMOTE_ADDR'])
);

return $this->config->getDb()->query($query);
Expand Down

0 comments on commit 1adf42d

Please sign in to comment.