Changed db_escape to seal the system against XSS attacks
author Janusz Dobrowolski <janusz@frontaccounting.eu>
Fri, 18 Apr 2008 10:00:30 +0000 (10:00 +0000)
committer Janusz Dobrowolski <janusz@frontaccounting.eu>
Fri, 18 Apr 2008 10:00:30 +0000 (10:00 +0000)
CHANGELOG.txt

index 98f9f4b12c252d29097ad441883e560b119490b7..3da935120119640bd343677973ee4c752b453ee6 100644 (file)
@@ -19,6 +19,16 @@ Legend:
 ! -> Note
 $ -> Affected files
 
+18-Apr-08 Janusz Dobrwolski
+! Changed db_escape function to avoid XSS atacks via js db injection
+$ /includes/db/connect_db.inc
+# Database inserts/updates secured against js injection
+$ /admin/db/maintenance_db.inc
+  /gl/includes/db/gl_db_accounts.inc
+  /purchasing/includes/db/po_db.inc
+  /sales/sales_order_entry.php
+  /sales/includes/db/sales_order_db.inc
+
 16-Apr-2008 Joe Hunt
 # Bug in /includes/ui/ui_lists.inc:914. Sql clause was cut.
 $ /includes/ui/ui_lists.inc
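
Review bot: The "!" note in the new 18-Apr-08 entry says db_escape was changed to avoid XSS but does not say what the function now does to its input, and the "#" line mentions only inserts/updates, so a reader cannot tell whether values stored before this change are covered. Please state the transformation applied and whether existing rows need attention. In the same entry, the header line spells the surname "Dobrwolski" where the commit author is "Dobrowolski", uses a two-digit year where the entry below uses "16-Apr-2008", and "atacks" should read "attacks".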