diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog index b9246839ae..74dfc1a6de 100644 --- a/pandora_console/ChangeLog +++ b/pandora_console/ChangeLog @@ -1,3 +1,8 @@ +2010-10-06 Dario Rodriguez + + *operation/agentes/estado_agente.php, ver_agente.php: Fixed some problems + processing the input + 2010-10-06 Miguel de Dios * godmode/agentes/module_manager_editor.php: cleaned source code style. diff --git a/pandora_console/operation/agentes/estado_agente.php b/pandora_console/operation/agentes/estado_agente.php index 131cf371c1..9a4f8f39c5 100644 --- a/pandora_console/operation/agentes/estado_agente.php +++ b/pandora_console/operation/agentes/estado_agente.php @@ -32,13 +32,15 @@ if (is_ajax ()) { if ($get_actions_alert_template) { $id_template = get_parameter("id_template"); - $rows = get_db_all_rows_sql("SELECT t1.id, t1.name, + $sql = sprintf ("SELECT t1.id, t1.name, (SELECT COUNT(t2.id) FROM talert_templates AS t2 - WHERE t2.id = " . $id_template . " + WHERE t2.id = %d AND t2.id_alert_action = t1.id) as 'sort_order' FROM talert_actions AS t1 - ORDER BY sort_order DESC"); + ORDER BY sort_order DESC", $id_template); + + $rows = get_db_all_rows_sql($sql); if ($rows !== false) @@ -66,7 +68,7 @@ if (is_ajax ()) { } // Take some parameters (GET) -$group_id = get_parameter ("group_id", 0); +$group_id = (int) get_parameter ("group_id", 0); $search = get_parameter ("search", ""); $offset = get_parameter('offset', 0); $refr = get_parameter('refr', 0); diff --git a/pandora_console/operation/agentes/ver_agente.php b/pandora_console/operation/agentes/ver_agente.php index 8d51b77d3c..8704c8a428 100644 --- a/pandora_console/operation/agentes/ver_agente.php +++ b/pandora_console/operation/agentes/ver_agente.php 
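Review bot: `$id_template` is still read uncast on the first line of the `if ($get_actions_alert_template)` branch, so the `%d` in the new `sprintf` is the only thing keeping the query numeric. Casting at the read, `$id_template = (int) get_parameter("id_template");`, matches the `(int)` casts this commit adds in the other hunks and keeps any later use of the variable an integer too. The branch continues past the end of the hunk, so later uses are not visible here.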
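Review bot: `$offset` and `$refr`, on the lines right after the new `(int)` cast on `$group_id`, are read the same way with a numeric default of 0 but stay uncast, and `$search` is free text. Their uses lie outside this hunk. If either number reaches SQL or is echoed into the page, `$offset = (int) get_parameter('offset', 0);` and `$refr = (int) get_parameter('refr', 0);` would cover the numeric cases. `$search` cannot be cast and needs escaping for its context at the point of use.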
@@ -38,10 +38,10 @@ if (is_ajax ()) { $get_group_status_tooltip = (bool) get_parameter ("get_group_status_tooltip"); if ($get_agents_group_json) { - $id_group = get_parameter('id_group'); - + $id_group = (int) get_parameter('id_group'); + if($id_group > 0) - $filter = " WHERE id_grupo = ". $id_group; + $filter = sprintf(" WHERE id_grupo = %d", $id_group); else { $groups_orig = get_user_groups(); @@ -283,16 +283,19 @@ if (! give_acl ($config['id_user'], $id_grupo, "AR")) { } // Check for Network FLAG change request -if (isset($_GET["flag"])) { - if ($_GET["flag"] == 1 && give_acl ($config['id_user'], $id_grupo, "AW")) { - $sql = "UPDATE tagente_modulo SET flag=1 WHERE id_agente_modulo = ".$_GET["id_agente_modulo"]; +$flag = get_parameter('flag', ''); +if ($flag !== '') { + if ($flag == 1 && give_acl ($config['id_user'], $id_grupo, "AW")) { + $id_agent_module = get_parameter('id_agente_modulo'); + $sql = sprintf("UPDATE tagente_modulo SET flag=1 WHERE id_agente_modulo = %d", $id_agent_module); process_sql ($sql); } } // Check for Network FLAG change request -if (isset($_GET["flag_agent"])){ - if ($_GET["flag_agent"] == 1 && give_acl ($config['id_user'], $id_grupo, "AW")) { - $sql ="UPDATE tagente_modulo SET flag=1 WHERE id_agente = ". $id_agente; +$flag_agent = get_parameter('flag_agent',''); +if ($flag_agent !== ''){ + if ($flag_agent == 1 && give_acl ($config['id_user'], $id_grupo, "AW")) { + $sql = sprintf("UPDATE tagente_modulo SET flag=1 WHERE id_agente = %d", $id_agente); process_sql ($sql); } }
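Review bot: When `$id_group > 0` the filter is built from a group id supplied by the caller, and nothing visible in this hunk checks that the user may read that group, whereas the `else` branch starts from `get_user_groups()`. If no ACL test runs earlier in the AJAX block, the branch could reuse the check this file applies further down, for example `if ($id_group > 0 && give_acl ($config['id_user'], $id_group, "AR"))`, so a denied group falls through to the user's own groups. The `if ($get_agents_group_json)` block starts and ends outside the hunk, so an existing check there cannot be ruled out.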
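Review bot: The first `UPDATE` is authorised against `$id_grupo` but selects the row only by the request's `id_agente_modulo`, so the write is not limited to modules of the agent whose group was checked. Binding the statement to that agent closes the gap: `$sql = sprintf("UPDATE tagente_modulo SET flag=1 WHERE id_agente_modulo = %d AND id_agente = %d", $id_agent_module, $id_agente);` (this assumes `$id_agente` is the agent that `$id_grupo` was derived from, as the second block suggests). Both blocks also change state on a plain request parameter and no request token is visible in the hunk, so confirm one is verified elsewhere. As a smaller point, `$flag == 1` and `$flag_agent == 1` are loose comparisons; `(int) $flag === 1` says what is meant.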