| author | hugetoad <hugetoad@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2006-02-02 06:37:42 +0000 |
|---|---|---|
| committer | hugetoad <hugetoad@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2006-02-02 06:37:42 +0000 |
| commit | 6baf1bdda009c10acadac93035e38d2c431ca324 (patch) | |
| tree | 23b4b96974ed388574da5560a7b51588b9ee3941 /frontends/php/include/hosts.inc.php | |
| parent | bf94a21c0a8d09d4da1f0c8ee0fe851a0053c6b2 (diff) | |
- GUI made immune to SQL injection attacks (Alexei)
git-svn-id: svn://svn.zabbix.com/trunk@2600 97f52cf1-0a1b-0410-bd0e-c28be96e8082
Diffstat (limited to 'frontends/php/include/hosts.inc.php')
| -rw-r--r-- | frontends/php/include/hosts.inc.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/frontends/php/include/hosts.inc.php b/frontends/php/include/hosts.inc.php
index e24a4c1e..c1223984 100644
--- a/frontends/php/include/hosts.inc.php
+++ b/frontends/php/include/hosts.inc.php
@@ -35,7 +35,7 @@
 return 0;
 }
- $sql="select * from hosts where host='$host'";
+ $sql="select * from hosts where host='".zbx_ads($host)."'";
 $result=DBexecute($sql);
 if(DBnum_rows($result)>0)
 {
@@ -52,7 +52,7 @@
 $useip=0;
 }
- $sql="insert into hosts (host,port,status,useip,ip,disable_until,available) values ('$host',$port,$status,$useip,'$ip',0,".HOST_AVAILABLE_UNKNOWN.")";
+ $sql="insert into hosts (host,port,status,useip,ip,disable_until,available) values ('".zbx_ads($host)."',$port,$status,$useip,'".zbx_ads($ip)."',0,".HOST_AVAILABLE_UNKNOWN.")";
 $result=DBexecute($sql);
 if(!$result)
 {
@@ -94,7 +94,7 @@
 return 0;
 }
- $sql="select * from hosts where host='$host' and hostid<>$hostid";
+ $sql="select * from hosts where host='".zbx_ads($host)."' and hostid<>$hostid";
 $result=DBexecute($sql);
 if(DBnum_rows($result)>0)
 {
@@ -112,7 +112,7 @@
 $useip=0;
 }
- $sql="update hosts set host='$host',port=$port,useip=$useip,ip='$ip' where hostid=$hostid";
+ $sql="update hosts set host='".zbx_ads($host)."',port=$port,useip=$useip,ip='".zbx_ads($ip)."' where hostid=$hostid";
 $result=DBexecute($sql); |
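Review bot: The numeric operands are still interpolated raw: `$port` and `$status` in the insert (second hunk) and `$hostid` in the third and fourth hunks go into the SQL unquoted, so wrapping `$host` and `$ip` in `zbx_ads()` does not cover them. Quote-escaping would not protect an unquoted operand in any case, so these should be forced to integers before the query is built, e.g. `$hostid=intval($hostid);` and `$port=intval($port);`, or bound as parameters if the DB layer supports it. Whether callers already validate these values is not visible here, because each enclosing function starts and ends outside its hunk. `zbx_ads()` is also not defined in this diff, so it is worth confirming that its escaping follows the database driver's quoting rules rather than a generic backslash escape.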
