hardening: parameterize domain stripping update in syslog_strip_incoming_domains #261
Description
Summary
Domain stripping query interpolates domain tokens directly into SQL LIKE pattern.
Evidence
functions.php:1760-1763 in syslog_strip_incoming_domains():
... WHERE host LIKE '%$domain' AND status = $uniqueIDRisk
Configuration values should not be interpolated into SQL; malformed tokens can produce fragile behavior and expand injection surface.
Expected fix
Use prepared statements for domain and status values in the update query for each domain token.