From 9600b748bf58aae910c7f649ecccda395909302f Mon Sep 17 00:00:00 2001 From: Janusz Dobrowolski Date: Fri, 18 Apr 2008 10:00:30 +0000 Subject: [PATCH] Changed db_escape to seal the system against XSS attacks --- CHANGELOG.txt | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 98f9f4b1..3da93512 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -19,6 +19,16 @@ Legend: ! -> Note $ -> Affected files +18-Apr-08 Janusz Dobrwolski +! Changed db_escape function to avoid XSS atacks via js db injection +$ /includes/db/connect_db.inc +# Database inserts/updates secured against js injection +$ /admin/db/maintenance_db.inc + /gl/includes/db/gl_db_accounts.inc + /purchasing/includes/db/po_db.inc + /sales/sales_order_entry.php + /sales/includes/db/sales_order_db.inc + 16-Apr-2008 Joe Hunt # Bug in /includes/ui/ui_lists.inc:914. Sql clause was cut. $ /includes/ui/ui_lists.inc -- 2.30.2
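Review bot: the "!" line of the new entry does not say what db_escape now does to its input, and this diff touches only CHANGELOG.txt (1 file changed, 10 insertions), so the change in /includes/db/connect_db.inc and the five files listed under the second "$" cannot be checked from here. Please state in the note which transformation is applied (for example whether markup is stripped or entity-encoded before the SQL escaping), because a filter at write time alters the stored values for every later reader of those columns, and it does nothing for rows that were stored before the change or for pages that print values that never passed through db_escape; those still need encoding at output. Smaller points on the same added lines: the date "18-Apr-08" does not match the "16-Apr-2008" format of the entry below it, the name is spelled "Dobrwolski" here but "Dobrowolski" in the From header, and "atacks" should read "attacks".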