2010-07-19 Dario Rodriguez <dario.rodriguez@artica.es>

* godmode/groups/group_list.php: fixed bug that allow create and update
	groups with name field empty.
	Fixes: #3031642



git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3031 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
darode 2010-07-19 15:16:56 +00:00
parent afe0df1c0e
commit 6eee9b5359
2 changed files with 28 additions and 10 deletions

View File

@ -1,3 +1,9 @@
2010-07-19 Dario Rodriguez <dario.rodriguez@artica.es>
* godmode/groups/group_list.php: fixed bug that allow create and update
groups with name field empty.
Fixes: #3031642
2010-07-19 Miguel de Dios <miguel.dedios@artica.es>
* include/functions_agents.php: in function "get_agents" added the parameter

View File

@ -89,11 +89,17 @@ if ($create_group) {
$id_parent = (int) get_parameter ('id_parent');
$alerts_disabled = (bool) get_parameter ('alerts_disabled');
$custom_id = (string) get_parameter ('custom_id');
$sql = sprintf ('INSERT INTO tgrupo (nombre, icon, parent, disabled, custom_id)
VALUES ("%s", "%s", %d, %d, "%s")',
$name, substr ($icon, 0, -4), $id_parent, $alerts_disabled, $custom_id);
$result = mysql_query ($sql);
/*Check if name field is empty*/
if ($name != "") {
$sql = sprintf ('INSERT INTO tgrupo (nombre, icon, parent, disabled, custom_id)
VALUES ("%s", "%s", %d, %d, "%s")',
$name, substr ($icon, 0, -4), $id_parent, $alerts_disabled, $custom_id);
$result = mysql_query ($sql);
} else {
$result = false;
}
if ($result) {
echo "<h3 class='suc'>".__('Group successfully created')."</h3>";
} else {
@ -110,11 +116,17 @@ if ($update_group) {
$custom_id = (string) get_parameter ('custom_id');
$propagate = (bool) get_parameter('propagate');
$sql = sprintf ('UPDATE tgrupo SET nombre = "%s",
icon = "%s", disabled = %d, parent = %d, custom_id = "%s", propagate = %d
WHERE id_grupo = %d',
$name, substr ($icon, 0, -4), !$alerts_enabled, $id_parent, $custom_id, $propagate, $id_group);
$result = process_sql ($sql);
/*Check if name field is empty*/
if( $name != "") {
$sql = sprintf ('UPDATE tgrupo SET nombre = "%s",
icon = "%s", disabled = %d, parent = %d, custom_id = "%s", propagate = %d
WHERE id_grupo = %d',
$name, substr ($icon, 0, -4), !$alerts_enabled, $id_parent, $custom_id, $propagate, $id_group);
$result = process_sql ($sql);
} else {
$result = false;
}
if ($result !== false) {
echo "<h3 class='suc'>".__('Group successfully updated')."</h3>";
} else {