From 9c34682555eb0949784b7e476d23460255ffa334 Mon Sep 17 00:00:00 2001
From: TheWitness
Date: Mon, 23 Dec 2024 16:31:19 -0500
Subject: [PATCH] QA: Issue with SQL Injection Check
---
 lib/api_automation.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/api_automation.php b/lib/api_automation.php
index c303f23259..d9b380d1b1 100644
--- a/lib/api_automation.php
+++ b/lib/api_automation.php
@@ -1190,8 +1190,8 @@ function clearFilter() {
 $sql_field = $item['field'] . ' AS source ';
 } else {
 $sql_field = '"SQL Injection" AS source ';
- cacti_log('Attempted SQL Injection found in Tree Automation for the field variable.', false, 'AUTOM8');
- raise_message('sql_injection', __('Attempted SQL Injection found in Tree Automation for the field variable.'), MESSAGE_LEVEL_ERROR);
+ cacti_log("Attempted SQL Injection found in Tree Automation for the field variable {$item['field']}.", false, 'AUTOM8');
+ raise_message('sql_injection', __("Attempted SQL Injection found in Tree Automation for the field variable {$item['field']}."), MESSAGE_LEVEL_ERROR);
 }
 
 /* now we build up a new query for counting the rows */
@@ -1279,7 +1279,7 @@ function clearFilter() {
 }
 
 function api_automation_column_exists($column, $tables) {
- $column = str_replace(array('h.', 'ht.', 'gt.', 'gl.', 'gtg.'), '', 1);
+ $column = str_replace(array('h.', 'ht.', 'gt.', 'gl.', 'gtg.'), array('', '', '', '', ''), $column);
 
 if (cacti_sizeof($tables)) {
 foreach($tables as $table) {
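Review bot: The rejected `$item['field']` value is now interpolated raw into both the `cacti_log()` line and the `raise_message()` text, even though this is the branch where the value has just failed validation, so it should be treated as untrusted in both sinks. If the message is rendered as HTML without escaping (not visible here) the value reaches the page as markup, and embedded line breaks could split or forge log entries; escape it for display and strip control characters before logging. Interpolating inside `__()` also makes the msgid dynamic, so the translation lookup can never match; pass it as a placeholder instead, e.g. `__('Attempted SQL Injection found in Tree Automation for the field variable %s.', html_escape($item['field']))`. The enclosing function begins and ends outside this hunk.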
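Review bot: `str_replace()` removes `h.`, `ht.`, `gt.`, `gl.` and `gtg.` wherever they occur in `$column`, not only as a leading table alias, so the string that is checked can differ from the string the caller goes on to use. The first hunk concatenates the original `$item['field']` into `$sql_field`; if that branch is gated on this function (the condition is outside the diff), a value is accepted whenever its stripped form names a real column. Anchor the strip to a single leading alias, e.g. `$column = preg_replace('/^(?:h|ht|gt|gl|gtg)\./', '', (string) $column);`, and ideally have the caller build the SQL from the validated name rather than the raw input. The rest of the function body lies outside the hunk, so how the comparison against `$tables` is done should be confirmed there.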