hardening: remove SQL-concatenated matching in legacy syslog_manage_items batch path

## Summary
Legacy batch transfer/removal path builds SQL with direct concatenation of removal rule text.

## Evidence
`functions.php` in `syslog_manage_items()`:
- `message LIKE '%" . $remove['message'] . "%'` (e.g. lines around 956/965)
- `WHERE message (" . $remove['message'] . ")` for `type='sql'` (around 981/984)

Invoked by `syslog_batch_transfer.php:127`.

## Risk
Rule text can alter query semantics in this path, causing unintended mass select/delete/transfer behavior.

## Expected fix
- Replace concatenated clauses with prepared statements / safe quoting in every branch
- Prefer reusing the newer prepared-query logic used by active processing path
- Consider deprecating/removing the legacy script if not required

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

hardening: remove SQL-concatenated matching in legacy syslog_manage_items batch path #255

Summary

Evidence

Risk

Expected fix

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

hardening: remove SQL-concatenated matching in legacy syslog_manage_items batch path #255

Description

Summary

Evidence

Risk

Expected fix

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions