From 351c2f56b7dd0a59e8d1416e96548cfb1a2287e5 Mon Sep 17 00:00:00 2001 From: Ralf Becker Date: Mon, 10 Dec 2018 16:46:49 +0100 Subject: [PATCH] * Api/Filemanager/WebDAV: fix SQL error if login error or WebDAV path contains non-ascii chars in that case we transliterate these to ascii for storage in egw_access_log table, which only allows ascii chars --- api/src/Session.php | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/api/src/Session.php b/api/src/Session.php index 0b261be8bb..91587db3d0 100644 --- a/api/src/Session.php +++ b/api/src/Session.php @@ -675,7 +675,7 @@ class Session /** * Write or update (for logout) the access_log * - * @param string|int $sessionid nummeric or PHP session id or 0 for unsuccessful logins + * @param string|int $sessionid nummeric or PHP session id or error-message for unsuccessful logins * @param string $login ='' account_lid (evtl. with domain) or '' for setting the logout-time * @param string $user_ip ='' ip to log * @param int $account_id =0 numerical account_id @@ -685,6 +685,13 @@ class Session { $now = time(); + // if sessionid contains non-ascii chars (only happens for error-messages) + // --> transliterate it to ascii, as session_php only allows ascii chars + if (preg_match('/[^\x20-\x7f]/', $sessionid)) + { + $sessionid = Translation::to_ascii($sessionid); + } + if ($login) { $GLOBALS['egw']->db->insert(self::ACCESS_LOG_TABLE,array( @@ -1407,10 +1414,16 @@ class Session /** * Set action logged in access-log * + * Non-ascii chars in $action get transliterate to ascii, as our session_action column allows only ascii. + * * @param string $action */ public function set_action($action) { + if (preg_match('/[^\x20-\x7f]/', $action)) + { + $action = Translation::to_ascii($action); + } $this->action = $action; }