If you execute a query in Professional or Enterprise, then use the Filtering option, it will return a blank resultset.
There is an issue in the code for Community causing this.
This has been addressed in Open-AudIT 4.0.2 and a backported fix is below for Open-AudIT 3.5.0.
In the file -
Linux - /usr/local/open-audit/code_igniter/application/helpers/response_helper.php
Windows - c:\xampp\open-audit\code_igniter\application\helpers\response_helper.php
The code block around lines 1771 - 1789, look like below.
Code Block |
---|
if ( ! empty($properties) and $properties !== $sub_resource . '.*') { // Validate the properties are database columns $properties = explode(',', $properties); for ($i=0; $i < count($properties); $i++) { if (strpos($properties[$i], '.') !== false) { $temp = explode('.', $properties[$i]); if ( ! $instance->db->field_exists($temp[1], $temp[0])) { $log->detail = 'Invalid property supplied (' . htmlentities($properties[$i]) . '), removed.'; unset($properties[$i]); } } else { if ( ! $instance->db->field_exists($properties[$i], $table)) { $log->detail = 'Invalid property supplied (' . htmlentities($properties[$i]) . '), removed.'; unset($properties[$i]); } } } $properties = implode(',', $properties); } |
Change it to:
Code Block |
---|
if ( ! empty($properties) and $properties !== $sub_resource . '.*') { // Validate the properties are database columns $properties = explode(',', $properties); for ($i=0; $i < count($properties); $i++) { if (strpos($properties[$i], '.') !== false) { $temp = explode('.', $properties[$i]); if ( ! $instance->db->table_exists($temp[0])) { $log->detail = 'Invalid property supplied (' . htmlentities(mysqli_real_escape_string($instance->db->conn_id, $properties[$i])) . '), removed.'; unset($properties[$i]); stdlog($log); } else if ( ! $instance->db->field_exists($temp[1], $temp[0])) { $log->detail = 'Invalid property supplied (' . htmlentities(mysqli_real_escape_string($instance->db->conn_id, $properties[$i])) . '), removed.'; unset($properties[$i]); stdlog($log); } } else { if ( ! $instance->db->table_exists($table)) { $log->detail = 'Invalid property supplied (' . htmlentities(mysqli_real_escape_string($instance->db->conn_id, $properties[$i])) . '), removed.'; unset($properties[$i]); stdlog($log); } else if ( ! $instance->db->field_exists($properties[$i], $table)) { $log->detail = 'Invalid property supplied (' . htmlentities(mysqli_real_escape_string($instance->db->conn_id, $properties[$i])) . '), removed.'; unset($properties[$i]); stdlog($log); } } } $properties = implode(',', $properties); } |