From 6eee9b5359fc34c739b4e3ed8fb68b8bd31544e9 Mon Sep 17 00:00:00 2001 From: darode Date: Mon, 19 Jul 2010 15:16:56 +0000 Subject: [PATCH] 2010-07-19 Dario Rodriguez * godmode/groups/group_list.php: fixed bug that allow create and update groups with name field empty. Fixes: #3031642 git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3031 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f --- pandora_console/ChangeLog | 6 ++++ pandora_console/godmode/groups/group_list.php | 32 +++++++++++++------ 2 files changed, 28 insertions(+), 10 deletions(-) diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog index ce4eaf30e8..02d93d9238 100644 --- a/pandora_console/ChangeLog +++ b/pandora_console/ChangeLog @@ -1,3 +1,9 @@ +2010-07-19 Dario Rodriguez + + * godmode/groups/group_list.php: fixed bug that allow create and update + groups with name field empty. + Fixes: #3031642 + 2010-07-19 Miguel de Dios * include/functions_agents.php: in function "get_agents" added the parameter diff --git a/pandora_console/godmode/groups/group_list.php b/pandora_console/godmode/groups/group_list.php index 93ba52d990..a84b86d9c0 100644 --- a/pandora_console/godmode/groups/group_list.php +++ b/pandora_console/godmode/groups/group_list.php @@ -89,11 +89,17 @@ if ($create_group) { $id_parent = (int) get_parameter ('id_parent'); $alerts_disabled = (bool) get_parameter ('alerts_disabled'); $custom_id = (string) get_parameter ('custom_id'); - - $sql = sprintf ('INSERT INTO tgrupo (nombre, icon, parent, disabled, custom_id) - VALUES ("%s", "%s", %d, %d, "%s")', - $name, substr ($icon, 0, -4), $id_parent, $alerts_disabled, $custom_id); - $result = mysql_query ($sql); + + /*Check if name field is empty*/ + if ($name != "") { + $sql = sprintf ('INSERT INTO tgrupo (nombre, icon, parent, disabled, custom_id) + VALUES ("%s", "%s", %d, %d, "%s")', + $name, substr ($icon, 0, -4), $id_parent, $alerts_disabled, $custom_id); + $result = mysql_query ($sql); + } else { + $result = false; + } + if ($result) { echo "

".__('Group successfully created')."

"; } else { @@ -110,11 +116,17 @@ if ($update_group) { $custom_id = (string) get_parameter ('custom_id'); $propagate = (bool) get_parameter('propagate'); - $sql = sprintf ('UPDATE tgrupo SET nombre = "%s", - icon = "%s", disabled = %d, parent = %d, custom_id = "%s", propagate = %d - WHERE id_grupo = %d', - $name, substr ($icon, 0, -4), !$alerts_enabled, $id_parent, $custom_id, $propagate, $id_group); - $result = process_sql ($sql); + /*Check if name field is empty*/ + if( $name != "") { + $sql = sprintf ('UPDATE tgrupo SET nombre = "%s", + icon = "%s", disabled = %d, parent = %d, custom_id = "%s", propagate = %d + WHERE id_grupo = %d', + $name, substr ($icon, 0, -4), !$alerts_enabled, $id_parent, $custom_id, $propagate, $id_group); + $result = process_sql ($sql); + } else { + $result = false; + } + if ($result !== false) { echo "

".__('Group successfully updated')."

"; } else {