From d8a2aa3e88bc8d336e67e5db5b2a935d45c4749e Mon Sep 17 00:00:00 2001
From: Lucas D'Avila <lucas@lucasdavi.la>
Date: Mon, 25 Feb 2013 16:59:50 -0300
Subject: [PATCH] Escapado string, antes de inserir no banco de dados.

---
 ieducar/intranet/include/clsBase.inc.php | 2 ++
 1 file changed, 2 insertions(+), 0 deletions(-)

diff --git a/ieducar/intranet/include/clsBase.inc.php b/ieducar/intranet/include/clsBase.inc.php
index 726882f..f117599 100755
--- a/ieducar/intranet/include/clsBase.inc.php
+++ b/ieducar/intranet/include/clsBase.inc.php
@@ -51,6 +51,7 @@ require_once 'include/funcoes.inc.php';
 
 require_once 'Portabilis/Utils/Database.php';
 require_once 'Portabilis/Utils/User.php';
+require_once 'Portabilis/String/Utils.php';
 
 require_once 'modules/Error/Mailers/NotificationMailer.php';
 
@@ -256,6 +257,7 @@ class clsBase extends clsConfig
           }
 
           $variaveis = "POST\n{$posts}GET\n{$gets}SESSION\n{$sessions}";
+          $variaveis = Portabilis_String_Utils::toLatin1($variaveis, array('escape' => true));
 
           if ($this->currentUserId()) {
             $this->db()->Consulta("INSERT INTO intranet_segur_permissao_negada (ref_ref_cod_pessoa_fj, ip_externo, ip_interno, data_hora, pagina, variaveis) VALUES('{$this->currentUserId()}', '$ip', '$ip_de_rede', NOW(), '$pagina', '$variaveis')");
--
libgit2 0.21.2