mirror of
https://github.com/pandorafms/pandorafms.git
Fixed SQL injections.
(cherry picked from commit 79037566bc0c222391f4f2e9cdabc64907ed7a7b)
parent
dbf3bedd3a
commit
ac819525d5
@ -64,9 +64,9 @@ function mainAgentsModules() {
|
|||||||
$modulegroup = get_parameter('modulegroup', 0);
|
$modulegroup = get_parameter('modulegroup', 0);
|
||||||
$refr = get_parameter('refr', 30); // By default 30 seconds
|
$refr = get_parameter('refr', 30); // By default 30 seconds
|
||||||
|
|
||||||
$group_id = get_parameter('group_id', 0);
|
$group_id = (int)get_parameter('group_id', 0);
|
||||||
$offset = get_parameter('offset', 0);
|
$offset = (int)get_parameter('offset', 0);
|
||||||
$hor_offset = get_parameter('hor_offset', 0);
|
$hor_offset = (int)get_parameter('hor_offset', 0);
|
||||||
$block = 20;
|
$block = 20;
|
||||||
|
|
||||||
$groups = users_get_groups ();
|
$groups = users_get_groups ();
|
||||||
|
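Review bot: `$modulegroup` and `$refr` are still read without a cast in this parameter block, while `$group_id`, `$offset` and `$hor_offset` next to them now get `(int)`. The rest of mainAgentsModules() is outside the hunk, so it is not visible whether either value later reaches a query or the page output; if it does, it needs the same treatment: `$modulegroup = (int)get_parameter('modulegroup', 0);` and `$refr = (int)get_parameter('refr', 30);`. The same gap shows for `$refr` and `$recursion` in the hunk at -114, where only `$offset` gained a cast.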
@ -114,7 +114,7 @@ ob_end_clean();
|
|||||||
// Take some parameters (GET)
|
// Take some parameters (GET)
|
||||||
$group_id = (int) get_parameter ("group_id", 0);
|
$group_id = (int) get_parameter ("group_id", 0);
|
||||||
$search = trim(get_parameter ("search", ""));
|
$search = trim(get_parameter ("search", ""));
|
||||||
$offset = get_parameter('offset', 0);
|
$offset = (int)get_parameter('offset', 0);
|
||||||
$refr = get_parameter('refr', 0);
|
$refr = get_parameter('refr', 0);
|
||||||
$recursion = get_parameter('recursion', 0);
|
$recursion = get_parameter('recursion', 0);
|
||||||
$status = (int) get_parameter ('status', -1);
|
$status = (int) get_parameter ('status', -1);
|
||||||
|
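Review bot: `$search` stays a free-form string (`trim(get_parameter ("search", ""))`), and an integer cast cannot cover it the way it now covers `$offset`. The query that consumes `$search` is outside this hunk; it should escape the value for the SQL context or bind it as a parameter rather than depend on whatever filtering get_parameter() applies. A short comment at the assignment, for example `// string input: must be escaped or bound where it enters SQL`, would record that requirement for the next reader.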
@ -31,8 +31,8 @@ require_once ($config['homedir'].'/include/functions_agents.php');
|
|||||||
ui_require_javascript_file('openlayers.pandora');
|
ui_require_javascript_file('openlayers.pandora');
|
||||||
|
|
||||||
/* Get the parameters */
|
/* Get the parameters */
|
||||||
$period = get_parameter ("period", 86400);
|
$period = (int)get_parameter ("period", 86400);
|
||||||
$agentId = get_parameter('id_agente');
|
$agentId = (int)get_parameter('id_agente');
|
||||||
$agent_name = agents_get_name($id_agente);
|
$agent_name = agents_get_name($id_agente);
|
||||||
$agentData = gis_get_data_last_position_agent($id_agente);
|
$agentData = gis_get_data_last_position_agent($id_agente);
|
||||||
|
|
||||||
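Review bot: The new cast lands on `$agentId`, but the two calls directly below it, `agents_get_name($id_agente)` and `gis_get_data_last_position_agent($id_agente)`, use a different variable, `$id_agente`, which this hunk never assigns. Presumably it is set by the including page; if it derives from the same request parameter, it should be integer-typed where it is assigned, or these calls should take the sanitised value, e.g. `$agent_name = agents_get_name($agentId);`. Separately, `get_parameter('id_agente')` has no default here, so a missing parameter presumably casts to agent id 0, which is worth an explicit check before the lookups run.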
@ -117,7 +117,7 @@ $sql = sprintf ("
|
|||||||
FROM tgis_data_history
|
FROM tgis_data_history
|
||||||
WHERE tagente_id_agente = %d AND end_timestamp > FROM_UNIXTIME(%d)
|
WHERE tagente_id_agente = %d AND end_timestamp > FROM_UNIXTIME(%d)
|
||||||
ORDER BY end_timestamp DESC
|
ORDER BY end_timestamp DESC
|
||||||
LIMIT %d OFFSET %d", $agentId, get_system_time () - $period, $config['block_size'], get_parameter ('offset'));
|
LIMIT %d OFFSET %d", $agentId, get_system_time () - $period, $config['block_size'], (int)get_parameter ('offset'));
|
||||||
$result = db_get_all_rows_sql ($sql, true);
|
$result = db_get_all_rows_sql ($sql, true);
|
||||||
|
|
||||||
|
|
||||||
|