You are not logged in.
We are using the customfields plugin (version 1.4) with the latest version of glpi (0.83.4) and some of our custom fields are a text (multiple line) type. When we update these fields a change is logged in the history log, but newline characters, which are actually "\r\n", are converted into just "rn" before they are inserted into the glpi_logs table. I tried looking through the glpi code and found that the inc/log.class.php:history() function sanitizes the data before inserting it into the table by doing this:
$new_value = mysql_real_escape_string(Toolbox::substr(stripslashes($new_value), 0, 180));but it is behaving as if the mysql_real_escape_string() function is called before the stripslashes() function, and the only other place this could possibly be done is in the ./inc/toolbox.class.php:addslashes_deep() function. So, I think this must be getting called before the log history() function somewhere, but I got lost trying to trace the data update and loging process in the code.
Anyone have any suggestions on how this could be fixed safely? Is the stripslashes() function really needed above. It seems odd to have the data escaped, then strip the slashes and then escape the data again before inserting into the DB.
Offline