From f334e90fa78988656d7da132d7d0639242a4794b Mon Sep 17 00:00:00 2001
From: Tom Laermans <tom@localhost>
Date: Wed, 4 May 2011 14:00:02 +0000
Subject: [PATCH] make mac search work, fix sql injection while we're at it

git-svn-id: http://www.observium.org/svn/observer/trunk@2242 61d68cd4-352d-0410-923a-c4978735b2b8
---
 html/pages/search/mac.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/html/pages/search/mac.inc.php b/html/pages/search/mac.inc.php
index dcff3c5c87..bdf208b311 100644
--- a/html/pages/search/mac.inc.php
+++ b/html/pages/search/mac.inc.php
@@ -40,7 +40,7 @@ print_optionbar_end();
 
 echo('<table width="100%" cellspacing="0" cellpadding="5">');
 
-$where = "AND `ifPhysAddress` LIKE '%".$_POST['address']."%'";
+$where = "AND `ifPhysAddress` LIKE '%".str_replace(':','',mres($_POST['address']))."%'";
 if (is_numeric($_POST['device_id'])) { $where .= " AND I.device_id = '".$_POST['device_id']."'"; }
 if ($_POST['interface']) { $where .= " AND I.ifDescr LIKE '".mres($_POST['interface'])."'"; }