security fixes and some juniper graphing stuff.

git-svn-id: http://www.observium.org/svn/observer/trunk@245 61d68cd4-352d-0410-923a-c4978735b2b8
2024-10-07 16:52:45 +00:00 · 2008-07-22 08:24:34 +00:00
parent 0ee570b762
commit 96cc0308fd
20 changed files with 85 additions and 24 deletions
--- a/html/pages/deluser.php
+++ b/html/pages/deluser.php
@@ -8,12 +8,12 @@ if($_SESSION['userlevel'] != '10') { echo("<span class=alert>You do not have the

  if($_GET['action'] == "del") {

-    $delete_username = mysql_result(mysql_query("SELECT username FROM users WHERE user_id = '" . $_GET['user_id'] . "'"),0);
+    $delete_username = mysql_result(mysql_query("SELECT username FROM users WHERE user_id = '" . mres($_GET['user_id']) . "'"),0);

    if($_GET['confirm'] == "yes") {

-      mysql_query("DELETE FROM `devices_perms` WHERE `user_id` = '" . $_GET['user_id'] . "'");
-      mysql_query("DELETE FROM `users` WHERE `user_id` = '" . $_GET['user_id'] . "'");
+      mysql_query("DELETE FROM `devices_perms` WHERE `user_id` = '" . mres($_GET['user_id']) . "'");
+      mysql_query("DELETE FROM `users` WHERE `user_id` = '" . mres($_GET['user_id']) . "'");

      if(mysql_affected_rows()) { echo("<span class=info>User '$delete_username' deleted!</span>"); }