authorhugetoad <hugetoad@97f52cf1-0a1b-0410-bd0e-c28be96e8082>2006-02-02 06:37:42 +0000
committerhugetoad <hugetoad@97f52cf1-0a1b-0410-bd0e-c28be96e8082>2006-02-02 06:37:42 +0000
commit6baf1bdda009c10acadac93035e38d2c431ca324 (patch)
tree23b4b96974ed388574da5560a7b51588b9ee3941 /frontends/php/overview.php
parentbf94a21c0a8d09d4da1f0c8ee0fe851a0053c6b2 (diff)
- GUI made immune to SQL injection attacks (Alexei)
git-svn-id: svn://svn.zabbix.com/trunk@2600 97f52cf1-0a1b-0410-bd0e-c28be96e8082
Diffstat (limited to 'frontends/php/overview.php')
-rw-r--r--frontends/php/overview.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/frontends/php/overview.php b/frontends/php/overview.php
index 25b5411d..f2af4e9c 100644
--- a/frontends/php/overview.php
+++ b/frontends/php/overview.php
@@ -153,7 +153,7 @@
$rows=array(nbsp($row["description"]));
foreach($hosts as $hostid)
{
- $sql="select itemid,value_type,lastvalue,units from items where hostid=$hostid and description='".$row["description"]."'";
+ $sql="select itemid,value_type,lastvalue,units from items where hostid=$hostid and description='".zbx_ads($row["description"])."'";
$result2=DBselect($sql);
if(DBnum_rows($result2)==1)
{
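Review bot: `hostid=$hostid` on the new query line is still interpolated into an unquoted numeric position, so only the description half of this statement is protected by `zbx_ads()`; the same pattern appears in the second hunk as `i.hostid=$hostid`, where the wrapper is dropped. Quote-escaping would not help in a numeric position anyway, so the value should be forced to an integer where it is used, e.g. `hostid=".intval($hostid)." and description='".zbx_ads($row["description"])."'"`. Where `$hosts` is populated is outside the hunk, so this may already be guaranteed upstream; if it is, a short comment above the loop saying so would save the next reader the search. The enclosing `foreach` starts and ends outside the hunk.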
@@ -224,14 +224,14 @@
$_REQUEST["sort"]="order by i.description";
}
// $sql="select distinct description from items order by 1;";
- $sql="select distinct t.description from hosts h,items i,hosts_groups hg,triggers t,functions f where h.status=".HOST_STATUS_MONITORED." and t.status=".TRIGGER_STATUS_ENABLED." and h.hostid=i.hostid and hg.groupid=".zbx_ads($_REQUEST["groupid"])." and hg.hostid=h.hostid and t.triggerid=f.triggerid and f.itemid=i.itemid order by 1";
+ $sql="select distinct t.description from hosts h,items i,hosts_groups hg,triggers t,functions f where h.status=".HOST_STATUS_MONITORED." and t.status=".TRIGGER_STATUS_ENABLED." and h.hostid=i.hostid and hg.groupid=".$_REQUEST["groupid"]." and hg.hostid=h.hostid and t.triggerid=f.triggerid and f.itemid=i.itemid order by 1";
$result=DBselect($sql);
while($row=DBfetch($result))
{
$rows=array(nbsp($row["description"]));
foreach($hosts as $hostid)
{
- $sql="select t.status,t.value,t.lastchange from triggers t,functions f,items i where f.triggerid=t.triggerid and i.itemid=f.itemid and t.status=".TRIGGER_STATUS_ENABLED." and i.hostid=".zbx_ads($hostid)." and t.description='".zbx_ads($row["description"])."'";
+ $sql="select t.status,t.value,t.lastchange from triggers t,functions f,items i where f.triggerid=t.triggerid and i.itemid=f.itemid and t.status=".TRIGGER_STATUS_ENABLED." and i.hostid=$hostid and t.description='".zbx_ads($row["description"])."'";
$result2=DBselect($sql);
if(DBnum_rows($result2)==1)
{
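Review bot: The new trigger-description query concatenates `$_REQUEST["groupid"]` straight into `hg.groupid=` with no validation visible in the hunk, which sits oddly with a commit described as making the GUI immune to SQL injection. Because the position is numeric and unquoted, an escaping helper is the wrong tool here and an integer cast at the point of use is the simplest guard: `hg.groupid=".intval($_REQUEST["groupid"])." and hg.hostid=h.hostid`. If the parameter is checked as numeric earlier in the file, a one-line comment above the query stating that would make the removal of the wrapper reviewable. The surrounding block begins before and continues past the hunk.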