squidGuard squidguard_log.php wrong

  • There is an error on squidguard_log.php

    This function needs to be changed

    function squidguard_prepfor_JS($cont) {
            # replace for JS
            $cont = str_replace("\n", "\\n", $cont);
            $cont = str_replace("\r", "\\r", $cont);
            $cont = str_replace("\t", "\\t", $cont);
            $cont = str_replace("\"", "\'",  $cont);
            $cont = str_replace("'", "\'",  $cont);
            return $cont;

    The $cont = str_replace("'", "'", $cont); needs to be before the $cont = str_replace(""", "'", $cont);

    Because if the replace of ' to \' before the " to \' will cause a ' to be changed to \\' and will generate an html with ' inside ' without escape.

    This causes to config files with ' to not be displayed when we change the view to show the config file


  • Rebel Alliance Developer Netgate

Log in to reply