| author | hugetoad <hugetoad@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2006-02-02 06:37:42 +0000 |
|---|---|---|
| committer | hugetoad <hugetoad@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2006-02-02 06:37:42 +0000 |
| commit | 6baf1bdda009c10acadac93035e38d2c431ca324 (patch) | |
| tree | 23b4b96974ed388574da5560a7b51588b9ee3941 /frontends/php/map.php | |
| parent | bf94a21c0a8d09d4da1f0c8ee0fe851a0053c6b2 (diff) | |
- GUI made immune to SQL injection attacks (Alexei)
git-svn-id: svn://svn.zabbix.com/trunk@2600 97f52cf1-0a1b-0410-bd0e-c28be96e8082
Diffstat (limited to 'frontends/php/map.php')
| -rw-r--r-- | frontends/php/map.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/frontends/php/map.php b/frontends/php/map.php
index c3049e1b..8b10e07e 100644
--- a/frontends/php/map.php
+++ b/frontends/php/map.php
@@ -86,7 +86,7 @@
 # ImageFilledRectangle($im,0,0,$width,$height,$black);
 if($background!="")
 {
- $sql="select image from images where imagetype=2 and name='$background'";
+ $sql="select image from images where imagetype=2 and name='".zbx_ads($background)."'";
 $result2=DBselect($sql);
 if(DBnum_rows($result2)==1)
 {
@@ -286,7 +286,7 @@
 $icons[$icon]=ImageCreateFromPNG("images/sysmaps/old/$icon.png");
 }
 */
- $sql="select image from images where imagetype=1 and name='$icon'";
+ $sql="select image from images where imagetype=1 and name='".zbx_ads($icon)."'";
 $result2=DBselect($sql);
 if(DBnum_rows($result2)!=1)
 { |
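Review bot: Both rewritten queries still splice a value into a quoted SQL literal, so the fix is only as strong as `zbx_ads()`, whose definition is not part of this diff; this applies to the `$background` lookup in the first hunk and the `$icon` lookup in the second. If the helper is a generic `addslashes()`-style escape (an assumption), it is not aware of the database backend or the connection character set, and quoting rules differ between backends, so the escaping would be better placed in the DB layer using the driver's own escape function or bound parameters. Until then a comment above each query would record the contract, e.g. `// zbx_ads() escapes for a single-quoted SQL string literal only; do not reuse the result in paths or HTML`. Both `if` blocks continue past the end of their hunks, so how the fetched image is used was not reviewed.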
