diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog index 5aded80216..95c428fd81 100644 --- a/pandora_console/ChangeLog +++ b/pandora_console/ChangeLog @@ -1,3 +1,10 @@ +2011-08-09 Juan Manuel Ramon + + * extensions/users_connected.php: Added a call to io_safe_input() function + in order to retrieve users connected. + + Fixes: #3388470 + 2011-08-09 Vanessa Gil * godmode/groups/group_list.php: Added groups must have a name and be unique. diff --git a/pandora_console/extensions/users_connected.php b/pandora_console/extensions/users_connected.php index 89797cc352..28ea2eae26 100644 --- a/pandora_console/extensions/users_connected.php +++ b/pandora_console/extensions/users_connected.php @@ -34,17 +34,17 @@ function users_extension_main_god ($god = true) { case "mysql": $sql = "SELECT id_usuario, ip_origen, fecha, accion FROM tsesion - WHERE descripcion = 'Logged in' AND utimestamp > (UNIX_TIMESTAMP(NOW()) - 3600) GROUP BY id_usuario, ip_origen, accion"; + WHERE descripcion = '" . io_safe_input('Logged in') . "' AND utimestamp > (UNIX_TIMESTAMP(NOW()) - 3600) GROUP BY id_usuario, ip_origen, accion"; break; case "postgresql": $sql = "SELECT id_usuario, ip_origen, fecha, accion FROM tsesion - WHERE descripcion = 'Logged in' AND utimestamp > (ceil(date_part('epoch', CURRENT_TIMESTAMP)) - 3600) GROUP BY id_usuario, ip_origen, accion"; + WHERE descripcion = '" . io_safe_input('Logged in') . "' AND utimestamp > (ceil(date_part('epoch', CURRENT_TIMESTAMP)) - 3600) GROUP BY id_usuario, ip_origen, accion"; break; case "oracle": $sql = "SELECT id_usuario, ip_origen, fecha, accion FROM tsesion - WHERE to_char(descripcion) = 'Logged in' AND utimestamp > (ceil((sysdate - to_date('19700101000000','YYYYMMDDHH24MISS')) * (86400)) - 3600) GROUP BY id_usuario, ip_origen,fecha, accion"; + WHERE to_char(descripcion) = '" . io_safe_input('Logged in') . "' AND utimestamp > (ceil((sysdate - to_date('19700101000000','YYYYMMDDHH24MISS')) * (86400)) - 3600) GROUP BY id_usuario, ip_origen,fecha, accion"; break; } @@ -56,7 +56,7 @@ function users_extension_main_god ($god = true) { else { $table->cellpadding = 4; $table->cellspacing = 4; - $table->width = 600; + $table->width = '98%'; $table->class = "databox"; $table->size = array (); $table->data = array ();