Issue status update for http://drupal.org/node/24957 Project: Drupal Version: 4.6.0 Component: watchdog.module Category: feature requests Priority: normal Assigned to: Anonymous Reported by: pyromanfo Updated by: Dries Status: patch I wouldn't fix the problem. The solution is to properly use the dababase API. That is, to use the '%s' and %d directives. Dries Previous comments: ------------------------------------------------------------------------ June 14, 2005 - 03:34 : pyromanfo Attachment: http://drupal.org/files/issues/watchdog_search.patch (2.75 KB) This patch allows you to search the watchdog log for some text in the hostname, user or the message itself. Also if you enter a severity, 'error','warning','notice' it'll filter by that. Works in tandem with the dropdown filter box. ------------------------------------------------------------------------ June 19, 2005 - 22:30 : Dries These queries are not secure. If someone manages to extend an administrator's session information (through a bug elsewhere), they would be able to execute SQL queries. ------------------------------------------------------------------------ June 20, 2005 - 16:13 : pyromanfo Would moving it to the standard POST query paramater fix it?