Open-AudIT

French bug
If Software name contain ' (cote)
for example
Cognos Serveur d'accès centralisé pour Windows
i got the error

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in C:\Program Files\Apache Group\Apache2\htdocs\openaudit\list_software.php on line 71

When i click on the software name link to see where is install this software

Hello,

I can not reproduce the problem. Are you using the actual SVN?

In the calling script is the function urlencode() used for escaping all special-characters. The sql-query in the receiving script has to run with the escaped characters >\'<.

Could please post the whole error-message including the sql-statement?

what is SVN ?

the audit.vbs script is ok and fill the software table correctly

software_id software_uuid software_name
7 4C4C4544-004C-5A10-8048-C8C04F53314A Cognos EP Series 7
8 4C4C4544-004C-5A10-8048-C8C04F53314A Cognos Serveur d'accès centralisé pour Windows
but i the software page if i click on the link : "Cognos Serveur d'accès centralisé pour Windows"
" i got the error because the link is :
http://s00604/openaudit/list_software.p ... Serveur%20d'accès%20centralisé%20pour%20Windows containing '
and the line 68 of list_software.php is
$sql = "SELECT software_name, software_version, software_publisher, net_ip_address, system_uuid, system_name, system_description FROM software, system where software_name = '" . $_GET["name"] . "' AND software_uuid = system_uuid AND software_timestamp = system_timestamp ORDER BY " . $sort;

$_GET["name"] contain a cote and the query is not correct :
SELECT software_name, software_version, software_publisher, net_ip_address, system_uuid, system_name, system_description FROM software, system where software_name = 'Cognos Serveur d'a ccès centralisé pour Windows' AND software_uuid = system_uuid AND software_timestamp = system_timestamp ORDER BY system_name
[b][u]

SVN ist our Subversion-Archiv. The downloadable Zip-Release is very old.

> d'a

In my environment this line is as follows:

> d%27a


Please update to this file:

https://svn.sourceforge.net/svnroot/ope ... k/list.php

I don't understand your response.

I download the file https://svn.sourceforge.net/svnroot/ope ... k/list.php

but it don't look like the list_software.php file or the include_function.php file

list_software.php generate the false link with : url_clean($myrow["software_name"])
and in include_function.php i got

function url_clean($url)
{
$url_clean = str_replace ('%','%25',$url);
$url_clean = str_replace ('$','%24',$url_clean);
$url_clean = str_replace (' ','%20',$url_clean);
$url_clean = str_replace ('+','%2B',$url_clean);
$url_clean = str_replace ('&','%26',$url_clean);
$url_clean = str_replace (',','%2C',$url_clean);
$url_clean = str_replace ('/','%2F',$url_clean);
$url_clean = str_replace (':','%3A',$url_clean);
$url_clean = str_replace ('=','%3D',$url_clean);
$url_clean = str_replace ('?','%3F',$url_clean);
$url_clean = str_replace ('<','%3C',$url_clean);
$url_clean = str_replace ('>','%3E',$url_clean);
$url_clean = str_replace ('#','%23',$url_clean);
$url_clean = str_replace ('{','%7B',$url_clean);
$url_clean = str_replace ('}','%7D',$url_clean);
$url_clean = str_replace ('|','%7C',$url_clean);
$url_clean = str_replace ('\\','%5C',$url_clean);
$url_clean = str_replace ('^','%5E',$url_clean);
$url_clean = str_replace ('~','%7E',$url_clean);
$url_clean = str_replace ('[','%5B',$url_clean);
$url_clean = str_replace (']','%5D',$url_clean);
$url_clean = str_replace ('`','%60',$url_clean);
return $url_clean;
}
nowhere ' is replace with %27

A other question is the openaudit Version 06.07.25 so old ? is there a newer ?


Bests regards
Jean-Pierre

> A other question is the openaudit Version 06.07.25 so old ? is there a newer ?

That's the problem. You are using a pre-release. The most actual code is in the svn. Please take the new code svn-client (like tortoise).

Here is the URL for your client:
https://svn.sourceforge.net/svnroot/open-audit/trunk/