Fixed SQL inyections.
(cherry picked from commit 79037566bc0c222391f4f2e9cdabc64907ed7a7b)
parent
dbf3bedd3a
commit
ac819525d5
|
@ -64,9 +64,9 @@ function mainAgentsModules() {
|
|||
$modulegroup = get_parameter('modulegroup', 0);
|
||||
$refr = get_parameter('refr', 30); // By default 30 seconds
|
||||
|
||||
$group_id = get_parameter('group_id', 0);
|
||||
$offset = get_parameter('offset', 0);
|
||||
$hor_offset = get_parameter('hor_offset', 0);
|
||||
$group_id = (int)get_parameter('group_id', 0);
|
||||
$offset = (int)get_parameter('offset', 0);
|
||||
$hor_offset = (int)get_parameter('hor_offset', 0);
|
||||
$block = 20;
|
||||
|
||||
$groups = users_get_groups ();
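Review bot: The new `(int)` casts on `offset` and `hor_offset` still accept negative numbers, so a request carrying `offset=-1` is passed on as a valid integer. If these values feed a `LIMIT`/`OFFSET` clause (not visible in this hunk), most database engines reject a negative offset and the page fails with a query error instead of paging. Clamping when the value is read avoids that, e.g. `$offset = max(0, (int)get_parameter('offset', 0));`, and the same for `$hor_offset`. The same applies to the `offset` cast in the `-114,7` hunk and to the inline `(int)get_parameter ('offset')` in the `-117,7` hunk, where the value visibly fills `OFFSET %d`. `mainAgentsModules()` continues outside the hunk.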
|
||||
|
|
|
@ -114,7 +114,7 @@ ob_end_clean();
|
|||
// Take some parameters (GET)
|
||||
$group_id = (int) get_parameter ("group_id", 0);
|
||||
$search = trim(get_parameter ("search", ""));
|
||||
$offset = get_parameter('offset', 0);
|
||||
$offset = (int)get_parameter('offset', 0);
|
||||
$refr = get_parameter('refr', 0);
|
||||
$recursion = get_parameter('recursion', 0);
|
||||
$status = (int) get_parameter ('status', -1);
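Review bot: `$search`, `$refr` and `$recursion` are still read without typing, right next to the newly cast `$offset`, and `$search` is free text that a cast cannot cover. Where these values reach a query is outside this hunk, and how `get_parameter` filters its result is not shown here, so this needs checking rather than assuming. `$refr` and `$recursion` can take the same treatment as the line above them, e.g. `$recursion = (int)get_parameter('recursion', 0);`. `$search` should be escaped or bound as a parameter at the point where the SQL is built. `$modulegroup` and `$refr` in the `-64,9` hunk are left uncast in the same way.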
|
||||
|
|
|
@ -31,8 +31,8 @@ require_once ($config['homedir'].'/include/functions_agents.php');
|
|||
ui_require_javascript_file('openlayers.pandora');
|
||||
|
||||
/* Get the parameters */
|
||||
$period = get_parameter ("period", 86400);
|
||||
$agentId = get_parameter('id_agente');
|
||||
$period = (int)get_parameter ("period", 86400);
|
||||
$agentId = (int)get_parameter('id_agente');
|
||||
$agent_name = agents_get_name($id_agente);
|
||||
$agentData = gis_get_data_last_position_agent($id_agente);
|
||||
|
||||
|
@ -117,7 +117,7 @@ $sql = sprintf ("
|
|||
FROM tgis_data_history
|
||||
WHERE tagente_id_agente = %d AND end_timestamp > FROM_UNIXTIME(%d)
|
||||
ORDER BY end_timestamp DESC
|
||||
LIMIT %d OFFSET %d", $agentId, get_system_time () - $period, $config['block_size'], get_parameter ('offset'));
|
||||
LIMIT %d OFFSET %d", $agentId, get_system_time () - $period, $config['block_size'], (int)get_parameter ('offset'));
|
||||
$result = db_get_all_rows_sql ($sql, true);
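Review bot: In the `-31,8` hunk the cast lands on `$agentId`, but the two calls directly below it, `agents_get_name($id_agente)` and `gis_get_data_last_position_agent($id_agente)`, take `$id_agente`, a different variable that the hunk neither assigns nor casts. If `$id_agente` is set by an including script, it bypasses the new cast. If it is unset, the calls receive null. Either way those lookups do not use the sanitised value, while the `WHERE tagente_id_agente = %d` query in the `-117,7` hunk does. If both names are meant to be the same agent, pass the cast value: `$agent_name = agents_get_name($agentId);` and `$agentData = gis_get_data_last_position_agent($agentId);`. The script starts and ends outside both hunks, so the origin of `$id_agente` should be confirmed there.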
|
||||
|
||||
|
||||
|
|