authorhugetoad <hugetoad@97f52cf1-0a1b-0410-bd0e-c28be96e8082>2006-01-31 16:09:35 +0000
committerhugetoad <hugetoad@97f52cf1-0a1b-0410-bd0e-c28be96e8082>2006-01-31 16:09:35 +0000
commitd07f777ed2cf0103ed550166f9b0e783db064255 (patch)
treefb331ae19aff60bdf2cea11bd99e34a99f45bc1d /frontends/php
parent78776cf62621df9e12f0b791753174e638440efe (diff)
Getting rid of addslashes.
git-svn-id: svn://svn.zabbix.com/trunk@2592 97f52cf1-0a1b-0410-bd0e-c28be96e8082
Diffstat (limited to 'frontends/php')
-rw-r--r--frontends/php/config.php6
-rw-r--r--frontends/php/graphs.php6
-rw-r--r--frontends/php/hosts.php6
-rw-r--r--frontends/php/include/actions.inc.php13
-rw-r--r--frontends/php/include/audit.inc.php3
-rw-r--r--frontends/php/include/autoregistration.inc.php8
-rw-r--r--frontends/php/include/config.inc.php43
-rw-r--r--frontends/php/include/items.inc.php20
-rw-r--r--frontends/php/include/profiles.inc.php28
-rw-r--r--frontends/php/include/services.inc.php2
-rw-r--r--frontends/php/include/triggers.inc.php14
-rw-r--r--frontends/php/include/validate.inc.php21
-rw-r--r--frontends/php/overview.php4
-rw-r--r--frontends/php/users.php6
14 files changed, 73 insertions, 107 deletions
diff --git a/frontends/php/config.php b/frontends/php/config.php
index ee2d7274..889497bd 100644
--- a/frontends/php/config.php
+++ b/frontends/php/config.php
@@ -105,7 +105,7 @@
if($result)
{
add_audit($action,AUDIT_RESOURCE_MEDIA_TYPE,
- "Media type [".addslashes($_REQUEST["description"])."]");
+ "Media type [".zbx_ads($_REQUEST["description"])."]");
unset($_REQUEST["form"]);
}
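Review bot: The audit text is escaped twice on this path: the call site wraps `$_REQUEST["description"]` in `zbx_ads()`, and `add_audit()` in include/audit.inc.php now applies `zbx_ads($details)` to the whole string when it builds the insert. If the helper behaves like the `zbx_adds` added in include/validate.inc.php, then with magic quotes off the stored audit entry ends up containing literal backslashes. Escaping belongs in one place, at the query, so the call site can pass the raw value: `"Media type [".$_REQUEST["description"]."]"`. The same applies to the other `add_audit` calls changed in config.php, graphs.php, hosts.php and users.php. The enclosing block starts outside the hunk.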
@@ -190,7 +190,7 @@
if($result)
{
add_audit($audit_action, AUDIT_RESOURCE_AUTOREGISTRATION,
- "Autoregistration [".addslashes($_REQUEST["pattern"])."]");
+ "Autoregistration [".zbx_ads($_REQUEST["pattern"])."]");
unset($_REQUEST["form"]);
}
@@ -202,7 +202,7 @@
if($result)
{
add_audit(AUDIT_ACTION_DELETE,AUDIT_RESOURCE_AUTOREGISTRATION,
- "Autoregistration [".addslashes($_REQUEST["pattern"])."]");
+ "Autoregistration [".zbx_ads($_REQUEST["pattern"])."]");
}
show_messages($result, S_AUTOREGISTRATION_DELETED, S_AUTOREGISTRATION_WAS_NOT_DELETED);
}
diff --git a/frontends/php/graphs.php b/frontends/php/graphs.php
index d541ae43..aecac3c8 100644
--- a/frontends/php/graphs.php
+++ b/frontends/php/graphs.php
@@ -53,7 +53,7 @@
if($result)
{
add_audit(AUDIT_ACTION_ADD,AUDIT_RESOURCE_GRAPH,
- "Graph [".addslashes($_REQUEST["name"])."]");
+ "Graph [".zbx_ads($_REQUEST["name"])."]");
}
show_messages($result, S_GRAPH_ADDED, S_CANNOT_ADD_GRAPH);
}
@@ -70,7 +70,7 @@
{
add_audit(AUDIT_ACTION_ADD,AUDIT_RESOURCE_GRAPH,
"Graph ID [".$_REQUEST["graphid"]."] Graph [".
- addslashes($_REQUEST["name"])."]");
+ zbx_ads($_REQUEST["name"])."]");
}
show_messages($result, S_GRAPH_UPDATED, S_CANNOT_UPDATE_GRAPH);
}
@@ -82,7 +82,7 @@
if($result)
{
add_audit(AUDIT_ACTION_DELETE,AUDIT_RESOURCE_GRAPH,
- "Graph [".addslashes($graph["name"])."]");
+ "Graph [".zbx_ads($graph["name"])."]");
}
show_messages($result, S_GRAPH_DELETED, S_CANNOT_DELETE_GRAPH);
unset($_REQUEST["graphid"]);
diff --git a/frontends/php/hosts.php b/frontends/php/hosts.php
index a022e569..cee75cbd 100644
--- a/frontends/php/hosts.php
+++ b/frontends/php/hosts.php
@@ -116,7 +116,7 @@
show_messages($result, $msg_ok, $msg_fail);
if($result){
add_audit($audit_action,AUDIT_RESOURCE_HOST,
- "Host [".addslashes($_REQUEST["host"])."] IP [".$_REQUEST["ip"]."] ".
+ "Host [".zbx_ads($_REQUEST["host"])."] IP [".$_REQUEST["ip"]."] ".
"Status [".$_REQUEST["status"]."]");
unset($_REQUEST["form"]);
@@ -135,7 +135,7 @@
if($result)
{
add_audit(AUDIT_ACTION_DELETE,AUDIT_RESOURCE_HOST,
- "Host [".addslashes($host["host"])."]");
+ "Host [".zbx_ads($host["host"])."]");
unset($_REQUEST["form"]);
unset($_REQUEST["hostid"]);
@@ -153,7 +153,7 @@
if(!$res) continue;
$host=get_host_by_hostid($db_host["hostid"]);
add_audit(AUDIT_ACTION_DELETE,AUDIT_RESOURCE_HOST,
- "Host [".addslashes($host["host"])."]");
+ "Host [".zbx_ads($host["host"])."]");
}
show_messages($result, S_HOST_DELETED, NULL);
}
diff --git a/frontends/php/include/actions.inc.php b/frontends/php/include/actions.inc.php
index 621d9adc..9e443b6f 100644
--- a/frontends/php/include/actions.inc.php
+++ b/frontends/php/include/actions.inc.php
@@ -136,7 +136,7 @@
{
if($row["actions"]&1 == 0) continue;
- $sql="select distinct f.triggerid from functions f,items i,triggers t where t.description='".addslashes($trigger["description"])."' and t.triggerid=f.triggerid and i.itemid=f.itemid and i.hostid=".$row["hostid"];
+ $sql="select distinct f.triggerid from functions f,items i,triggers t where t.description='".zbx_ads($trigger["description"])."' and t.triggerid=f.triggerid and i.itemid=f.itemid and i.hostid=".$row["hostid"];
$result2=DBselect($sql);
while($row2=DBfetch($result2))
{
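Review bot: `$trigger["description"]` does not appear to come from the request (it looks like a database row), yet it is now escaped with a helper that, if `zbx_ads` is the function added in include/validate.inc.php, returns its argument unchanged whenever `get_magic_quotes_gpc()` is on. Magic quotes only touch GET/POST/cookie input, so on such a server a description containing a quote reaches the query unescaped, whereas the removed `addslashes()` call escaped it unconditionally. Values that do not originate from `$_REQUEST` need an unconditional escape: keep `addslashes($trigger["description"])` or use the database driver's own escaping function. The same pattern appears in the other hunks of this file, in graphs.php (`$graph["name"]`), hosts.php (`$host["host"]`), triggers.inc.php, overview.php (`$row["description"]`) and for the `fread()` image data in config.inc.php. The loop this line belongs to starts outside the hunk.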
@@ -182,12 +182,12 @@
{
if($row["actions"]&4 == 0) continue;
- $sql="select distinct f.triggerid from functions f,items i,triggers t where t.description='".addslashes($trigger["description"])."' and t.triggerid=f.triggerid and i.itemid=f.itemid and i.hostid=".$row["hostid"];
+ $sql="select distinct f.triggerid from functions f,items i,triggers t where t.description='".zbx_ads($trigger["description"])."' and t.triggerid=f.triggerid and i.itemid=f.itemid and i.hostid=".$row["hostid"];
$result2=dbselect($sql);
#enumerate triggers
while($row2=dbfetch($result2))
{
- $sql="select actionid from actions where triggerid=".$row2["triggerid"]." and subject='".addslashes($action["subject"])."' and userid=".$action["userid"]." and good=".$action["good"]." and scope=".$action["scope"]." and recipient=".$action["recipient"]." and severity=".$action["severity"];
+ $sql="select actionid from actions where triggerid=".$row2["triggerid"]." and subject='".zbx_ads($action["subject"])."' and userid=".$action["userid"]." and good=".$action["good"]." and scope=".$action["scope"]." and recipient=".$action["recipient"]." and severity=".$action["severity"];
$result3=dbselect($sql);
#enumerate actions
while($row3=dbfetch($result3))
@@ -229,12 +229,12 @@
{
if($row["actions"]&2 == 0) continue;
- $sql="select distinct f.triggerid from functions f,items i,triggers t where t.description='".addslashes($trigger["description"])."' and t.triggerid=f.triggerid and i.itemid=f.itemid and i.hostid=".$row["hostid"];
+ $sql="select distinct f.triggerid from functions f,items i,triggers t where t.description='".zbx_ads($trigger["description"])."' and t.triggerid=f.triggerid and i.itemid=f.itemid and i.hostid=".$row["hostid"];
$result2=dbselect($sql);
#enumerate triggers
while($row2=dbfetch($result2))
{
- $sql="select actionid from actions where triggerid=".$row2["triggerid"]." and subject='".addslashes($action["subject"])."'";
+ $sql="select actionid from actions where triggerid=".$row2["triggerid"]." and subject='".zbx_ads($action["subject"])."'";
$result3=dbselect($sql);
#enumerate actions
while($row3=dbfetch($result3))
@@ -334,8 +334,7 @@
function add_action_condition($actionid, $conditiontype, $operator, $value)
{
- $value=addslashes($value);
- $sql="insert into conditions (actionid,conditiontype,operator,value) values ($actionid,$conditiontype,$operator,'$value')";
+ $sql="insert into conditions (actionid,conditiontype,operator,value) values ($actionid,$conditiontype,$operator,'".zbx_ads($value)."')";
$result=DBexecute($sql);
return DBinsert_id($result,"conditions","conditionid");
}
diff --git a/frontends/php/include/audit.inc.php b/frontends/php/include/audit.inc.php
index 5364e121..20957b1c 100644
--- a/frontends/php/include/audit.inc.php
+++ b/frontends/php/include/audit.inc.php
@@ -23,10 +23,9 @@
{
global $USER_DETAILS;
- $details=addslashes($details);
$userid=$USER_DETAILS["userid"];
$clock=time();
- $sql="insert into audit (userid,clock,action,resource,details) values ($userid,$clock,$action,$resource,'$details')";
+ $sql="insert into audit (userid,clock,action,resource,details) values ($userid,$clock,$action,$resource,'".zbx_ads($details)."')";
return DBexecute($sql);
}
?>
diff --git a/frontends/php/include/autoregistration.inc.php b/frontends/php/include/autoregistration.inc.php
index cbb7593f..f607dad7 100644
--- a/frontends/php/include/autoregistration.inc.php
+++ b/frontends/php/include/autoregistration.inc.php
@@ -29,9 +29,7 @@
return 0;
}
- $pattern=addslashes($pattern);
-
- $sql="insert into autoreg (pattern,priority,hostid) values ('$pattern',$priority,$hostid)";
+ $sql="insert into autoreg (pattern,priority,hostid) values ('".zbx_ads($pattern)."',$priority,$hostid)";
$result=DBexecute($sql);
if($result)
{
@@ -51,9 +49,7 @@
return 0;
}
- $pattern=addslashes($pattern);
-
- $sql="update autoreg set pattern='$pattern',priority=$priority,hostid=$hostid where id=$id";
+ $sql="update autoreg set pattern='".zbx_ads($pattern)."',priority=$priority,hostid=$hostid where id=$id";
return DBexecute($sql);
}
diff --git a/frontends/php/include/config.inc.php b/frontends/php/include/config.inc.php
index 85e0077d..437c8b4f 100644
--- a/frontends/php/include/config.inc.php
+++ b/frontends/php/include/config.inc.php
@@ -690,10 +690,24 @@ function SDI($msg) { echo "DEBUG INFO: $msg ".BR; } # DEBUG INFO!!!
return $config;
}
+ function show_infomsg()
+ {
+ global $INFO_MSG;
+
+ if(is_array($INFO_MSG))
+ {
+ echo "<p align=center class=\"info\">";
+ while(list($key, $val)=each($INFO_MSG))
+ {
+ echo $val."<br>";
+ }
+ echo "</p>";
+ }
+ }
+
function show_messages($bool=TRUE,$msg=NULL,$errmsg=NULL)
{
global $ERROR_MSG;
- global $INFO_MSG;
if(!$bool)
{
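Review bot: `show_infomsg()` walks `$INFO_MSG` with `each()` and neither calls `reset()` nor clears the array, so what a later call prints depends on where the array's internal pointer was left. That matters now that the function is reached both from `show_messages()` and, in include/validate.inc.php, directly at the end of field checking. Iterating with `foreach($INFO_MSG as $val)` and clearing the array once it has been printed would make each message appear exactly once. How `$INFO_MSG` is filled is not visible here, so the clearing step should be checked against the code that appends to it.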
@@ -710,23 +724,18 @@ function SDI($msg) { echo "DEBUG INFO: $msg ".BR; } # DEBUG INFO!!!
$color="#223344";
}
- echo "<p align=center>";
- echo "<font color='$color'>";
- if(isset($msg))
- echo "<b>[$msg]</b>";
- echo "</font>";
- echo "</p>";
- if(is_array($INFO_MSG))
+ if(isset($msg))
{
- echo "<p align=center class=\"info\">";
- while(list($key, $val)=each($INFO_MSG))
- {
- echo $val."<br>";
- }
+ echo "<p align=center>";
+ echo "<font color='$color'>";
+ echo "<b>[$msg]</b>";
+ echo "</font>";
echo "</p>";
}
+ show_infomsg();
+
if(is_array($ERROR_MSG))
{
echo "<p align=center class=\"error\">";
@@ -1458,7 +1467,7 @@ function SDI($msg) { echo "DEBUG INFO: $msg ".BR; } # DEBUG INFO!!!
if($files["image"]["error"]==0)
if($files["image"]["size"]<1024*1024)
{
- $image=addslashes(fread(fopen($files["image"]["tmp_name"],"r"),filesize($files["image"]["tmp_name"])));
+ $image=zbx_ads(fread(fopen($files["image"]["tmp_name"],"r"),filesize($files["image"]["tmp_name"])));
$sql="insert into images (name,imagetype,image) values ('$name',$imagetype,'$image')";
return DBexecute($sql);
}
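Review bot: `$name` is interpolated into the insert as `'$name'` with no escaping in the visible lines, and this commit also removes the blanket `addslashes()` over `$_REQUEST` in include/validate.inc.php that may previously have covered it. Unless the caller escapes the value (the function header is outside the hunk), the statement should escape it where the query is built: `values ('".zbx_ads($name)."',$imagetype,'$image')`. The update statement in the next hunk has the same `name='$name'`, and `$imagetype` and `$imageid` are concatenated there without any numeric check.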
@@ -1482,7 +1491,7 @@ function SDI($msg) { echo "DEBUG INFO: $msg ".BR; } # DEBUG INFO!!!
if($files["image"]["error"]==0)
if($files["image"]["size"]<1024*1024)
{
- $image=addslashes(fread(fopen($files["image"]["tmp_name"],"r"),filesize($files["image"]["tmp_name"])));
+ $image=zbx_ads(fread(fopen($files["image"]["tmp_name"],"r"),filesize($files["image"]["tmp_name"])));
$sql="update images set name='$name',imagetype='$imagetype',image='$image' where imageid='$imageid'";
return DBexecute($sql);
}
@@ -1797,7 +1806,7 @@ function SDI($msg) { echo "DEBUG INFO: $msg ".BR; } # DEBUG INFO!!!
{
$ret = 0;
- $description=addslashes($description);
+ $description=zbx_ads($description);
$sql="select * from media_type where description='$description' and mediatypeid!=$mediatypeid";
$result=DBexecute($sql);
if(DBnum_rows($result)>0)
@@ -1823,7 +1832,7 @@ function SDI($msg) { echo "DEBUG INFO: $msg ".BR; } # DEBUG INFO!!!
return 0;
}
- $description=addslashes($description);
+ $description=zbx_ads($description);
$sql="select * from media_type where description='$description'";
$result=DBexecute($sql);
if(DBnum_rows($result)>0)
diff --git a/frontends/php/include/items.inc.php b/frontends/php/include/items.inc.php
index b2e02deb..56e1c5e3 100644
--- a/frontends/php/include/items.inc.php
+++ b/frontends/php/include/items.inc.php
@@ -107,14 +107,7 @@
$delta=0;
}
- $key=addslashes($key);
- $description=addslashes($description);
- $logtimefmt=addslashes($logtimefmt);
- $snmpv3_securityname=addslashes($snmpv3_securityname);
- $snmpv3_authpassphrase=addslashes($snmpv3_authpassphrase);
- $snmpv3_privpassphrase=addslashes($snmpv3_privpassphrase);
-
- $sql="insert into items (description,key_,hostid,delay,history,nextcheck,status,type,snmp_community,snmp_oid,value_type,trapper_hosts,snmp_port,units,multiplier,delta,snmpv3_securityname,snmpv3_securitylevel,snmpv3_authpassphrase,snmpv3_privpassphrase,formula,trends,logtimefmt) values ('$description','$key',$hostid,$delay,$history,0,$status,$type,'$snmp_community','$snmp_oid',$value_type,'$trapper_hosts',$snmp_port,'$units',$multiplier,$delta,'$snmpv3_securityname',$snmpv3_securitylevel,'$snmpv3_authpassphrase','$snmpv3_privpassphrase','$formula',$trends,'$logtimefmt')";
+ $sql="insert into items (description,key_,hostid,delay,history,nextcheck,status,type,snmp_community,snmp_oid,value_type,trapper_hosts,snmp_port,units,multiplier,delta,snmpv3_securityname,snmpv3_securitylevel,snmpv3_authpassphrase,snmpv3_privpassphrase,formula,trends,logtimefmt) values ('".zbx_ads($description)."','".zbx_ads($key)."',".zbx_ads($hostid).",".zbx_ads($delay).",".zbx_ads($history).",0,".zbx_ads($status).",".zbx_ads($type).",'".zbx_ads($snmp_community)."','".zbx_ads($snmp_oid)."',".zbx_ads($value_type).",'".zbx_ads($trapper_hosts)."',".zbx_ads($snmp_port).",'".zbx_ads($units)."',".zbx_ads($multiplier).",".zbx_ads($delta).",'".zbx_ads($snmpv3_securityname)."',".zbx_ads($snmpv3_securitylevel).",'".zbx_ads($snmpv3_authpassphrase)."','".zbx_ads($snmpv3_privpassphrase)."','".zbx_ads($formula)."',".zbx_ads($trends).",'".zbx_ads($logtimefmt)."')";
$result=DBexecute($sql);
if($result)
{
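Review bot: Wrapping the numeric columns in `zbx_ads()` does not protect them, because they are placed in the statement without quotes (`".zbx_ads($hostid).",".zbx_ads($delay)."`) and escaping quote characters has no effect outside a quoted string. Those values need to be forced to numbers before they are concatenated, for example `$hostid=intval($hostid);` ahead of the query, or rejected when `is_numeric()` fails. The same applies to the update in the next hunk, to `hostid` in profiles.inc.php, to `triggerid`, `priority` and `status` in triggers.inc.php, and to `$_REQUEST["groupid"]` in overview.php, which comes straight from the request. The function starts and ends outside the hunk.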
@@ -167,17 +160,10 @@
$delta=0;
}
- $key=addslashes($key);
- $description=addslashes($description);
- $logtimefmt=addslashes($logtimefmt);
- $snmpv3_securityname=addslashes($snmpv3_securityname);
- $snmpv3_authpassphrase=addslashes($snmpv3_authpassphrase);
- $snmpv3_privpassphrase=addslashes($snmpv3_privpassphrase);
-
- $sql="update items set lastlogsize=0 where itemid=$itemid and key_<>'$key'";
+ $sql="update items set lastlogsize=0 where itemid=".zbx_ads($itemid)." and key_<>'".zbx_ads($key)."'";
DBexecute($sql);
- $sql="update items set description='$description',key_='$key',hostid=$hostid,delay=$delay,history=$history,nextcheck=0,status=$status,type=$type,snmp_community='$snmp_community',snmp_oid='$snmp_oid',value_type=$value_type,trapper_hosts='$trapper_hosts',snmp_port=$snmp_port,units='$units',multiplier=$multiplier,delta=$delta,snmpv3_securityname='$snmpv3_securityname',snmpv3_securitylevel=$snmpv3_securitylevel,snmpv3_authpassphrase='$snmpv3_authpassphrase',snmpv3_privpassphrase='$snmpv3_privpassphrase',formula='$formula',trends=$trends,logtimefmt='$logtimefmt' where itemid=$itemid";
+ $sql="update items set description='".zbx_ads($description)."',key_='".zbx_ads($key)."',hostid=".zbx_ads($hostid).",delay=".zbx_ads($delay).",history=".zbx_ads($history).",nextcheck=0,status=".zbx_ads($status).",type=".zbx_ads($type).",snmp_community='".zbx_ads($snmp_community)."',snmp_oid='".zbx_ads($snmp_oid)."',value_type=".zbx_ads($value_type).",trapper_hosts='".zbx_ads($trapper_hosts)."',snmp_port=".zbx_ads($snmp_port).",units='".zbx_ads($units)."',multiplier=".zbx_ads($multiplier).",delta=".zbx_ads($delta).",snmpv3_securityname='".zbx_ads($snmpv3_securityname)."',snmpv3_securitylevel=".zbx_ads($snmpv3_securitylevel).",snmpv3_authpassphrase='".zbx_ads($snmpv3_authpassphrase)."',snmpv3_privpassphrase='".zbx_ads($snmpv3_privpassphrase)."',formula='".zbx_ads($formula)."',trends=".zbx_ads($trends).",logtimefmt='".zbx_ads($logtimefmt)."' where itemid=".zbx_ads($itemid);
$result=DBexecute($sql);
if($result)
{
diff --git a/frontends/php/include/profiles.inc.php b/frontends/php/include/profiles.inc.php
index db66663a..e94ff270 100644
--- a/frontends/php/include/profiles.inc.php
+++ b/frontends/php/include/profiles.inc.php
@@ -38,19 +38,7 @@
return 0;
}
- $devicetype=addslashes($devicetype);
- $name=addslashes($name);
- $os=addslashes($os);
- $serialno=addslashes($serialno);
- $tag=addslashes($tag);
- $macaddress=addslashes($macaddress);
- $hardware=addslashes($hardware);
- $software=addslashes($software);
- $contact=addslashes($contact);
- $location=addslashes($location);
- $notes=addslashes($notes);
-
- $sql="insert into hosts_profiles (hostid,devicetype,name,os,serialno,tag,macaddress,hardware,software,contact,location,notes) values ($hostid,'$devicetype','$name','$os','$serialno','$tag','$macaddress','$hardware','$software','$contact','$location','$notes')";
+ $sql="insert into hosts_profiles (hostid,devicetype,name,os,serialno,tag,macaddress,hardware,software,contact,location,notes) values (".zbx_ads($hostid).",'".zbx_ads($devicetype)."','".zbx_ads($name)."','".zbx_ads($os)."','".zbx_ads($serialno)."','".zbx_ads($tag)."','".zbx_ads($macaddress)."','".zbx_ads($hardware)."','".zbx_ads($software)."','".zbx_ads($contact)."','".zbx_ads($location)."','".zbx_ads($notes)."')";
$result=DBexecute($sql);
return $result;
@@ -75,19 +63,7 @@
return 0;
}
- $devicetype=addslashes($devicetype);
- $name=addslashes($name);
- $os=addslashes($os);
- $serialno=addslashes($serialno);
- $tag=addslashes($tag);
- $macaddress=addslashes($macaddress);
- $hardware=addslashes($hardware);
- $software=addslashes($software);
- $contact=addslashes($contact);
- $location=addslashes($location);
- $notes=addslashes($notes);
-
- $sql="update hosts_profiles set devicetype='$devicetype',name='$name',os='$os',serialno='$serialno',tag='$tag',macaddress='$macaddress',hardware='$hardware',software='$software',contact='$contact',location='$location',notes='$notes' where hostid=$hostid";
+ $sql="update hosts_profiles set devicetype='".zbx_ads($devicetype)."',name='".zbx_ads($name)."',os='".zbx_ads($os)."',serialno='".zbx_ads($serialno)."',tag='".zbx_ads($tag)."',macaddress='".zbx_ads($macaddress)."',hardware='".zbx_ads($hardware)."',software='".zbx_ads($software)."',contact='".zbx_ads($contact)."',location='".zbx_ads($location)."',notes='".zbx_ads($notes)."' where hostid=".zbx_ads($hostid);
$result=DBexecute($sql);
return $result;
diff --git a/frontends/php/include/services.inc.php b/frontends/php/include/services.inc.php
index 2d791c69..7a63d508 100644
--- a/frontends/php/include/services.inc.php
+++ b/frontends/php/include/services.inc.php
@@ -42,7 +42,7 @@
// {
$description=expand_trigger_description($triggerid);
// }
- $description=addslashes($description);
+ $description=zbx_ads($description);
$sql="insert into services (name,triggerid,status,algorithm,showsla,goodsla,sortorder) values ('$description',$triggerid,0,$algorithm,$showsla,$goodsla,$sortorder)";
}
else
diff --git a/frontends/php/include/triggers.inc.php b/frontends/php/include/triggers.inc.php
index be904fbf..7e3d3fd3 100644
--- a/frontends/php/include/triggers.inc.php
+++ b/frontends/php/include/triggers.inc.php
@@ -27,8 +27,7 @@
return 0;
}
- $comments=addslashes($comments);
- $sql="update triggers set comments='$comments' where triggerid=$triggerid";
+ $sql="update triggers set comments='".zbx_ads($comments)."' where triggerid=".zbx_ads($triggerid);
return DBexecute($sql);
}
@@ -110,8 +109,7 @@
// return 0;
// }
-# $description=addslashes($description);
- $sql="insert into triggers (description,priority,status,comments,url,value,error) values ('$description',$priority,$status,'$comments','$url',2,'Trigger just added. No status update so far.')";
+ $sql="insert into triggers (description,priority,status,comments,url,value,error) values ('".zbx_ads($description)."',".zbx_ads($priority).",".zbx_ads($status).",'".zbx_ads($comments)."','".zbx_ads($url)."',2,'Trigger just added. No status update so far.')";
# echo $sql,"<br>";
$result=DBexecute($sql);
if(!$result)
@@ -124,7 +122,7 @@
add_alarm($triggerid,2);
$expression=implode_exp($expression,$triggerid);
- $sql="update triggers set expression='$expression' where triggerid=$triggerid";
+ $sql="update triggers set expression='".zbx_ads($expression)."' where triggerid=".zbx_ads($triggerid);
# echo $sql,"<br>";
DBexecute($sql);
reset_items_nextcheck($triggerid);
@@ -339,7 +337,7 @@ where h.hostid=i.hostid and i.itemid=f.itemid and f.triggerid=$triggerid";
{
if($row["triggers"]&3 == 0) continue;
#get triggers
- $sql="select distinct f.triggerid from functions f,items i,triggers t where t.description='".addslashes($trigger["description"])."' and t.triggerid=f.triggerid and i.itemid=f.itemid and i.hostid=".$row["hostid"];
+ $sql="select distinct f.triggerid from functions f,items i,triggers t where t.description='".zbx_ads($trigger["description"])."' and t.triggerid=f.triggerid and i.itemid=f.itemid and i.hostid=".$row["hostid"];
$result2=DBselect($sql);
// Loop: triggers
while($row2=DBfetch($result2))
@@ -424,7 +422,7 @@ where h.hostid=i.hostid and i.itemid=f.itemid and f.triggerid=$triggerid";
if($row["triggers"]&1 == 0) continue;
- $sql="insert into triggers (description,priority,status,comments,url,value,expression) values ('".addslashes($trigger["description"])."',".$trigger["priority"].",".$trigger["status"].",'".addslashes($trigger["comments"])."','".addslashes($trigger["url"])."',2,'$expression_old')";
+ $sql="insert into triggers (description,priority,status,comments,url,value,expression) values ('".zbx_ads($trigger["description"])."',".$trigger["priority"].",".$trigger["status"].",'".zbx_ads($trigger["comments"])."','".zbx_ads($trigger["url"])."',2,'$expression_old')";
$result4=DBexecute($sql);
$triggerid_new=DBinsert_id($result4,"triggers","triggerid");
@@ -491,7 +489,7 @@ where h.hostid=i.hostid and i.itemid=f.itemid and f.triggerid=$triggerid";
{
if($row["triggers"]&4 == 0) continue;
- $sql="select distinct f.triggerid from functions f,items i,triggers t where t.description='".addslashes($trigger["description"])."' and t.triggerid=f.triggerid and i.itemid=f.itemid and i.hostid=".$row["hostid"];
+ $sql="select distinct f.triggerid from functions f,items i,triggers t where t.description='".zbx_ads($trigger["description"])."' and t.triggerid=f.triggerid and i.itemid=f.itemid and i.hostid=".$row["hostid"];
$result2=DBselect($sql);
while($row2=DBfetch($result2))
{
diff --git a/frontends/php/include/validate.inc.php b/frontends/php/include/validate.inc.php
index 35196f9d..ff0279d2 100644
--- a/frontends/php/include/validate.inc.php
+++ b/frontends/php/include/validate.inc.php
@@ -19,6 +19,12 @@
**/
?>
<?php
+ function zbx_adds($var)
+ {
+ if(!get_magic_quotes_gpc()) return addslashes($var);
+ else return $var;
+ }
+
function BETWEEN($min,$max)
{
return "({}>=$min&&{}<=$max)&&";
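Review bot: The helper is declared as `zbx_adds`, but every call site changed in this commit uses `zbx_ads`, and no definition of that name is visible in the diff. Unless `zbx_ads` is defined elsewhere, the first query or audit call that reaches it will stop with an undefined-function error; the declaration should read `function zbx_ads($var)`. A short comment above it should state that it escapes only when magic quotes are off, so it is meant for request data and not for values read from the database or from files.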
@@ -73,7 +79,7 @@
{
if(!isset($fields[$key]))
{
-//// echo "Unset: $key<br>";
+ echo "Unset: $key<br>";
unset($_REQUEST[$key]);
}
}
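Review bot: The re-enabled `echo "Unset: $key<br>";` writes a request parameter name into the page without HTML encoding, and the next two hunks do the same with `$field` and with the request value itself (`echo "Unset:".$_REQUEST[$key]."<br>";`). This looks like debugging output, and as committed it puts request-controlled text into the response markup. It should be removed again, or at minimum encoded: `echo "Unset: ".htmlspecialchars($key)."<br>";`. The enclosing function starts outside the hunk.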
@@ -103,6 +109,7 @@
if(($flags&P_ACT)&&(isset($_REQUEST[$field])))
{
// info("Unset:".$field);
+ echo "Unset:".$field."<br>";
unset($_REQUEST[$field]);
}
}
@@ -112,6 +119,8 @@
{
foreach($_REQUEST as $key => $val)
{
+// info("Unset:".$_REQUEST[$key]);
+ echo "Unset:".$_REQUEST[$key]."<br>";
unset($_REQUEST[$key]);
}
}
@@ -122,15 +131,13 @@
$ret = TRUE;
- return $ret;
-
$critical = FALSE;
foreach($fields as $field => $checks)
{
list($type,$opt,$flags,$validation,$exception)=$checks;
-// info("Field: $field");
+// echo "Field: $field<br>";
if($exception==NULL) $except=FALSE;
else $except=calc_exp($fields,$field,$exception);
@@ -241,10 +248,6 @@
}
}
}
-
- if(isset($_REQUEST[$field])&&!get_magic_quotes_gpc()) {
- $_REQUEST[$field]=addslashes($_REQUEST[$field]);
- }
}
unset_not_in_list($fields);
unset_if_zero($fields);
@@ -258,7 +261,7 @@
{
unset_action_vars($fields);
}
- show_messages();
+ show_infomsg();
return $ret;
}
?>
diff --git a/frontends/php/overview.php b/frontends/php/overview.php
index 657405d2..25b5411d 100644
--- a/frontends/php/overview.php
+++ b/frontends/php/overview.php
@@ -224,14 +224,14 @@
$_REQUEST["sort"]="order by i.description";
}
// $sql="select distinct description from items order by 1;";
- $sql="select distinct t.description from hosts h,items i,hosts_groups hg,triggers t,functions f where h.status=".HOST_STATUS_MONITORED." and t.status=".TRIGGER_STATUS_ENABLED." and h.hostid=i.hostid and hg.groupid=".$_REQUEST["groupid"]." and hg.hostid=h.hostid and t.triggerid=f.triggerid and f.itemid=i.itemid order by 1";
+ $sql="select distinct t.description from hosts h,items i,hosts_groups hg,triggers t,functions f where h.status=".HOST_STATUS_MONITORED." and t.status=".TRIGGER_STATUS_ENABLED." and h.hostid=i.hostid and hg.groupid=".zbx_ads($_REQUEST["groupid"])." and hg.hostid=h.hostid and t.triggerid=f.triggerid and f.itemid=i.itemid order by 1";
$result=DBselect($sql);
while($row=DBfetch($result))
{
$rows=array(nbsp($row["description"]));
foreach($hosts as $hostid)
{
- $sql="select t.status,t.value,t.lastchange from triggers t,functions f,items i where f.triggerid=t.triggerid and i.itemid=f.itemid and t.status=".TRIGGER_STATUS_ENABLED." and i.hostid=$hostid and t.description='".addslashes($row["description"])."'";
+ $sql="select t.status,t.value,t.lastchange from triggers t,functions f,items i where f.triggerid=t.triggerid and i.itemid=f.itemid and t.status=".TRIGGER_STATUS_ENABLED." and i.hostid=".zbx_ads($hostid)." and t.description='".zbx_ads($row["description"])."'";
$result2=DBselect($sql);
if(DBnum_rows($result2)==1)
{
diff --git a/frontends/php/users.php b/frontends/php/users.php
index 308ef3bb..bc709a24 100644
--- a/frontends/php/users.php
+++ b/frontends/php/users.php
@@ -96,9 +96,9 @@
}
if($result){
add_audit($action,AUDIT_RESOURCE_USER,
- "User alias [".addslashes($_REQUEST["alias"]).
- "] name [".addslashes($_REQUEST["name"])."] surname [".
- addslashes($_REQUEST["surname"])."]]");
+ "User alias [".zbx_ads($_REQUEST["alias"]).
+ "] name [".zbx_ads($_REQUEST["name"])."] surname [".
+ zbx_ads($_REQUEST["surname"])."]]");
unset($_REQUEST["form"]);
}
}