mirror/librenms-librenms
1
0
Fork 0
mirror of https://github.com/librenms/librenms.git synced 2024-10-07 16:52:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

yeeha sql injection fixes

Browse Source 
git-svn-id: http://www.observium.org/svn/observer/trunk@1138 61d68cd4-352d-0410-923a-c4978735b2b8
This commit is contained in:
Tom Laermans
2010-06-10 20:17:41 +00:00
parent 2682ff9e6d
commit 802bfbd109
1 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
html/pages/devices.php
View File

@@ -99,14 +99,14 @@
print_optionbar_end(); print_optionbar_end();
if ($_POST['hostname']) { $where = " AND hostname LIKE '%".$_POST['hostname']."%'"; } if ($_POST['hostname']) { $where = " AND hostname LIKE '%".mres($_POST['hostname'])."%'"; }
if ($_POST['os']) { $where = " AND os = '".$_POST['os']."'"; } if ($_POST['os']) { $where = " AND os = '".mres($_POST['os'])."'"; }
if ($_POST['version']) { $where .= " AND version = '".$_POST['version']."'"; } if ($_POST['version']) { $where .= " AND version = '".mres($_POST['version'])."'"; }
if ($_POST['hardware']) { $where .= " AND hardware = '".$_POST['hardware']."'"; } if ($_POST['hardware']) { $where .= " AND hardware = '".mres($_POST['hardware'])."'"; }
if ($_POST['features']) { $where .= " AND features = '".$_POST['features']."'"; } if ($_POST['features']) { $where .= " AND features = '".mres($_POST['features'])."'"; }
if ($_POST['location']) { $where .= " AND location = '".$_POST['location']."'"; } if ($_POST['location']) { $where .= " AND location = '".mres($_POST['location'])."'"; }
if ($_GET['location'] && !isset($_POST['location'])) { $where .= " AND location = '".$_GET['location']."'"; } if ($_GET['location'] && !isset($_POST['location'])) { $where .= " AND location = '".mres($_GET['location'])."'"; }
if ($_GET['type']) { $where = "AND type = '$_GET[type]'"; } if ($_GET['type']) { $where = "AND type = '" .mres($_GET[type]). "'"; }
if ($_GET['location'] == "Unset") { $where .= " AND location = ''"; } if ($_GET['location'] == "Unset") { $where .= " AND location = ''"; }
$sql = "SELECT * FROM devices WHERE 1 $where ORDER BY `ignore`, `status`, `hostname`"; $sql = "SELECT * FROM devices WHERE 1 $where ORDER BY `ignore`, `status`, `hostname`";