tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-27 15:54:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixed SQL inyections.

Browse Source 
(cherry picked from commit 79037566bc0c222391f4f2e9cdabc64907ed7a7b)
This commit is contained in:
mdtrooper 2015-02-11 17:20:50 +01:00
parent dbf3bedd3a
commit ac819525d5
3 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pandora_console/extensions/agents_modules.php
View File

@ -64,9 +64,9 @@ function mainAgentsModules() {
$modulegroup = get_parameter('modulegroup', 0); $modulegroup = get_parameter('modulegroup', 0);
$refr = get_parameter('refr', 30); // By default 30 seconds $refr = get_parameter('refr', 30); // By default 30 seconds
$group_id = get_parameter('group_id', 0); $group_id = (int)get_parameter('group_id', 0);
$offset = get_parameter('offset', 0); $offset = (int)get_parameter('offset', 0);
$hor_offset = get_parameter('hor_offset', 0); $hor_offset = (int)get_parameter('hor_offset', 0);
$block = 20; $block = 20;
$groups = users_get_groups (); $groups = users_get_groups ();

2
pandora_console/operation/agentes/estado_agente.php
View File

@ -114,7 +114,7 @@ ob_end_clean();
// Take some parameters (GET) // Take some parameters (GET)
$group_id = (int) get_parameter ("group_id", 0); $group_id = (int) get_parameter ("group_id", 0);
$search = trim(get_parameter ("search", "")); $search = trim(get_parameter ("search", ""));
$offset = get_parameter('offset', 0); $offset = (int)get_parameter('offset', 0);
$refr = get_parameter('refr', 0); $refr = get_parameter('refr', 0);
$recursion = get_parameter('recursion', 0); $recursion = get_parameter('recursion', 0);
$status = (int) get_parameter ('status', -1); $status = (int) get_parameter ('status', -1);

6
pandora_console/operation/agentes/gis_view.php
View File

@ -31,8 +31,8 @@ require_once ($config['homedir'].'/include/functions_agents.php');
ui_require_javascript_file('openlayers.pandora'); ui_require_javascript_file('openlayers.pandora');
/* Get the parameters */ /* Get the parameters */
$period = get_parameter ("period", 86400); $period = (int)get_parameter ("period", 86400);
$agentId = get_parameter('id_agente'); $agentId = (int)get_parameter('id_agente');
$agent_name = agents_get_name($id_agente); $agent_name = agents_get_name($id_agente);
$agentData = gis_get_data_last_position_agent($id_agente); $agentData = gis_get_data_last_position_agent($id_agente);
@ -117,7 +117,7 @@ $sql = sprintf ("
FROM tgis_data_history FROM tgis_data_history
WHERE tagente_id_agente = %d AND end_timestamp > FROM_UNIXTIME(%d) WHERE tagente_id_agente = %d AND end_timestamp > FROM_UNIXTIME(%d)
ORDER BY end_timestamp DESC ORDER BY end_timestamp DESC
LIMIT %d OFFSET %d", $agentId, get_system_time () - $period, $config['block_size'], get_parameter ('offset')); LIMIT %d OFFSET %d", $agentId, get_system_time () - $period, $config['block_size'], (int)get_parameter ('offset'));
$result = db_get_all_rows_sql ($sql, true); $result = db_get_all_rows_sql ($sql, true);