tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

2009-10-08 Ramon Novoa <rnovoa@artica.es> 

* include/functions_ui.php,
          include/functions_incidents.php,
          operation/incidents/incident_detail.php: Security related fixes.
          Thanks to ~finalbeta and ~remove from the Global-Evolution Security
          Group.




git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@2012 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
This commit is contained in:
ramonn 2009-10-08 14:25:37 +00:00
parent f9913e240e
commit a22f0cb220
4 changed files with 18 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pandora_console/ChangeLog
View File

@ -1,3 +1,11 @@
2009-10-08 Ramon Novoa <rnovoa@artica.es>
* include/functions_ui.php,
include/functions_incidents.php,
operation/incidents/incident_detail.php: Security related fixes.
Thanks to ~finalbeta and ~remove from the Global-Evolution Security
Group.
2009-10-07 Miguel de Dios <miguel.dedios@artica.es>
* pandoradb.sql, extras/pandoradb_migrate_v2.x_to_v3.0.sql: change the field

4
pandora_console/include/functions_incidents.php
View File

@ -136,6 +136,10 @@ function process_incidents_touch ($id_incident) {
return false;
}
$id_incident = implode (",", $id_incident);
if (empty ($id_incident)) {
return false;
}
$sql = sprintf ("UPDATE tincidencia SET id_lastupdate = '%s' WHERE id_incidencia IN (%s)", $config["id_user"], $id_incident);
return process_sql ($sql);
}

9
pandora_console/include/functions_ui.php
View File

@ -1186,7 +1186,7 @@ function get_url_refresh ($params = false, $relative = true, $add_post = true) {
continue;
if (strstr ($key, 'delete'))
continue;
$url .= $key.'='.$value.'&amp;';
$url .= $key.'='.$value.'&';
}
if ($add_post) {
@ -1201,22 +1201,23 @@ function get_url_refresh ($params = false, $relative = true, $add_post = true) {
continue;
if (strstr ($key, 'delete'))
continue;
$url .= $key.'='.$value.'&amp;';
$url .= $key.'='.$value.'&';
}
}
foreach ($params as $key => $value) {
if ($value === false)
continue;
$url .= $key.'='.$value.'&amp;';
$url .= $key.'='.$value.'&';
}
/* Removes final & */
$pos = strrpos ($url, '&amp;', 0);
$pos = strrpos ($url, '&', 0);
if ($pos) {
$url = substr_replace ($url, '', $pos, 5);
}
$url = htmlspecialchars ($url);
if (! $relative) {
return get_full_url ($url);
}

2
pandora_console/operation/incidents/incident_detail.php
View File

@ -36,7 +36,7 @@ $actualizacion = get_system_time ();
// EDITION MODE
if (isset ($_GET["id"])) {
$id_inc = get_parameter_get ("id", 0);
$id_inc = (int) get_parameter_get ("id", 0);
// Obtain group of this incident
$row = get_db_row ("tincidencia","id_incidencia",$id_inc);