diff options
author | Pressy <lwt-pressy@users.noreply.github.com> | 2017-10-31 16:14:24 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-10-31 16:14:24 +0300 |
commit | 3ecb752a87fd1966fc28a22ef89bfc69a723e3a1 (patch) | |
tree | 098d3eebf196860ee81bfd5d080cb3bc35747b61 | |
parent | da9ce8e9ce41428b5d9c061071b0ae9e54cea034 (diff) |
found htmlspecialchars messed up binary values for ipv6
* found htmlspecialchars messed up binary values for ipv6
-rw-r--r-- | dmarcts-report-viewer.php | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/dmarcts-report-viewer.php b/dmarcts-report-viewer.php index fc6e88b..59c332d 100644 --- a/dmarcts-report-viewer.php +++ b/dmarcts-report-viewer.php @@ -120,10 +120,9 @@ function tmpl_reportData($reportnumber, $allowed_reports, $host_lookup = 1, $sor $reportdata[] = " <tbody>"; global $mysqli; - $sql = "SELECT *, INET6_NTOA(ip6) as ip6s FROM rptrecord where serial = $reportnumber"; + $sql = "SELECT * FROM rptrecord where serial = $reportnumber"; $query = $mysqli->query($sql) or die("Query failed: ".$mysqli->error." (Error #" .$mysqli->errno.")"); while($row = $query->fetch_assoc()) { - $row = array_map('htmlspecialchars', $row); $status=""; if (($row['dkimresult'] == "fail") && ($row['spfresult'] == "fail")) { $status="red"; @@ -135,13 +134,16 @@ function tmpl_reportData($reportnumber, $allowed_reports, $host_lookup = 1, $sor $status="yellow"; }; - if ( $row['ip'] > 0 ) { + if ( $row['ip'] ) { $ip = long2ip($row['ip']); - } elseif ( $row['ip6s'] ) { - $ip = $row['ip6s']; + } elseif ( $row['ip6'] ) { + $ip = inet_ntop($row['ip6']); } else { $ip = "-"; } + + /* escape html characters after exploring binary values, which will be messed up */ + $row = array_map('htmlspecialchars', $row); $reportdata[] = " <tr class='".$status."'>"; $reportdata[] = " <td>". $ip. "</td>"; |