From faa16c689fb8e9b476c065c1974c8f1cda737991 Mon Sep 17 00:00:00 2001
From: hahn <axel.hahn@iml.unibe.ch>
Date: Tue, 19 Jul 2022 16:35:22 +0200
Subject: [PATCH] action log quotes in message

---
 public_html/deployment/classes/actionlog.class.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/public_html/deployment/classes/actionlog.class.php b/public_html/deployment/classes/actionlog.class.php
index e09d1da9..21e197f8 100644
--- a/public_html/deployment/classes/actionlog.class.php
+++ b/public_html/deployment/classes/actionlog.class.php
@@ -82,7 +82,7 @@ class Actionlog {
      */
     private function _makeQuery($sSql) {
         // $this->_log(__FUNCTION__."($sSql)");
-        // echo "<pre>$sSql</pre>";
+        // echo "<pre>".htmlentities($sSql)."</pre>";
         $db = new PDO("sqlite:" . $this->_dbfile);
         $result = $db->query($sSql);
         /*
@@ -113,7 +113,7 @@ class Actionlog {
             '" . $this->_sUser . "',
             '" . $this->_sProject . "',
             '" . $sAction . "',
-            '" . $sMessage . "'
+            '" . str_replace("'", '"', $sMessage) . "'
           );
         ";
         /*
-- 
GitLab