I wrote a small Python script that takes postfix/dovecot logs and uploads them to a MariaDB database. The table has only 2 rows, id(key) and log(text).

Everything is working, except that when I search in the HTML page for a particular log, it displays this:

Oct 30 00:14:26 mailserver postfix/smtpd[1321]: NOQUEUE: reject: RCPT from mx.mailbox.rs[109.245.241.198]: 450 4.1.8 : Sender address rejected: Domain not found; from= to= proto=ESMTP helo=

As you see, "from=", "to=", and "helo=" are empty and they should be there.

I have the full log in the database:

Oct 30 00:14:26 mailserver postfix/smtpd[1321]: NOQUEUE: reject: RCPT from mx.mailbox.rs[109.245.241.198]: 450 4.1.8 <xxx@xxx.xx>: Sender address rejected: Domain not found; from=<xxx@mail.xxx.xxx> to=<xxx@mxxx.xx> proto=ESMTP helo=<mx.mailbox.rs>

It seems that these "<>" signs are the problem.

Database encoding is utf8. I use datatables.net for displaying results and searching the logs.

Here is the code:

```php
<?php
// Database connection info
$dbDetails = array(
    'host' => 'localhost',
    'user' => 'xxx',
    'pass' => 'xxx',
    'db'   => 'xxx',
    'charset' => 'utf8'
);

// DB table to use
$table = 'logs';

// Table's primary key
$primaryKey = 'id';

// Array of database columns which should be read and sent back to DataTables.
// The `db` parameter represents the column name in the database.
// The `dt` parameter represents the DataTables column identifier.
$columns = array(
    array( 'db' => 'id', 'dt' => 0 ),
    array( 'db' => 'log',  'dt' => 1 ),
);

// Include SQL query processing class
require 'ssp.class.php';

// Output data as json format
echo json_encode(
    SSP::simple( $_GET, $dbDetails, $table, $primaryKey, $columns )
);
```
```html
<!-- DataTables CSS library -->
<link rel="stylesheet" type="text/css" href="https://cdn.datatables.net/1.10.22/css/jquery.dataTables.min.css"/>

<!-- jQuery library -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>

<!-- DataTables JS library -->
<script type="text/javascript" src="https://cdn.datatables.net/1.10.22/js/jquery.dataTables.min.js"></script>

<script>
$(document).ready(function(){
    $('#memListTable').DataTable({
        "processing": true,
        "serverSide": true,
        "ajax": "getData.php"
    });
});
</script>

<table id="memListTable" class="display" style="width:100%">
    <thead>
        <tr>
            <th>ID</th>
            <th>Log</th>
        </tr>
    </thead>
    <tfoot>
        <tr>
            <th>ID</th>
            <th>Log</th>
        </tr>
    </tfoot>
</table>


</html>
```

EDIT2

I tried using:

```php
function filter(&$value) {
  $value = htmlspecialchars($value, ENT_SUBSTITUTE, ENT_COMPAT, 'UTF-8');
}
array_walk_recursive($columns, "filter");
```

with no luck.

  • `<` and `>` are HTML chars, so you need to escape them; you tagged PHP, so presuming you're after [htmlspecialchars](https://www.php.net/manual/en/function.htmlspecialchars.php) – Lawrence Cherone Oct 30 '20 at 20:09
  • @LawrenceCherone well, since I use datatables.net I am only displaying data from the database. – Aleksa Markovic Oct 30 '20 at 20:13
  • @LawrenceCherone how should I do that in this case? Thanks a lot for the info. – Aleksa Markovic Oct 30 '20 at 20:17
  • You prob need to use a columnDefs renderer and [then do it in JavaScript](https://stackoverflow.com/questions/1787322/htmlspecialchars-equivalent-in-javascript) due to using that SSP::simple class https://datatables.net/reference/option/columns.render – Lawrence Cherone Oct 30 '20 at 20:21
  • Alternatively, instead of directly json_encoding SSP::simple, save to a var and loop over the result with array_map or similar and apply the escaping there – Lawrence Cherone Oct 30 '20 at 20:34
  • @LawrenceCherone I'm dumb for this. Everything I do doesn't work. – Aleksa Markovic Oct 30 '20 at 20:34
  • @LawrenceCherone I tried `function filter(&$value) { $value = htmlspecialchars($value, ENT_SUBSTITUTE, ENT_COMPAT, 'UTF-8'); } array_walk_recursive($columns, "filter");` but it doesn't work – Aleksa Markovic Oct 31 '20 at 22:37

0 Answers
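
The client-side route suggested in the comments (a `columns.render` function that escapes the value), as an added example that is not code from the question or from DataTables; `escapeHtml`, `renderLog` and `demo` are hypothetical names, and the sample string is the tail of the log line quoted in the question. Fields such as `from=` and `helo=` are supplied by the remote SMTP client, so escaping them also keeps log content from being interpreted as markup in the page.

```javascript
// Added example; escapeHtml, renderLog and demo are hypothetical names.
const HTML_ESCAPES = {
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
};

// Replace the five HTML metacharacters so the browser shows them as text.
function escapeHtml(value) {
    const text = value == null ? '' : String(value);
    return text.replace(/[&<>"']/g, ch => HTML_ESCAPES[ch]);
}

// Same signature as DataTables' columns.render(data, type, row).
// Only the 'display' value is written into the cell, so only that is escaped;
// other request types (sort, filter, type) get the raw value back.
function renderLog(data, type, row) {
    return type === 'display' ? escapeHtml(data) : data;
}

// Tail of the log line quoted in the question, run through the renderer.
function demo() {
    const line = 'Domain not found; from=<xxx@mail.xxx.xxx> ' +
                 'to=<xxx@mxxx.xx> proto=ESMTP helo=<mx.mailbox.rs>';
    return renderLog(line, 'display', [1, line]);
}

// In the page: the question's options plus a renderer for column 1 (Log).
// Guarded so the file can also be loaded where jQuery is absent.
if (typeof $ !== 'undefined') {
    $(document).ready(function () {
        $('#memListTable').DataTable({
            processing: true,
            serverSide: true,
            ajax: 'getData.php',
            columnDefs: [{ targets: 1, render: renderLog }]
        });
    });
}
```

DataTables also ships a built-in text renderer, `$.fn.dataTable.render.text()`, which can be passed as `render` in place of `renderLog`.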