From 6baf1bdda009c10acadac93035e38d2c431ca324 Mon Sep 17 00:00:00 2001
From: hugetoad
Date: Thu, 2 Feb 2006 06:37:42 +0000
Subject: - GUI made immune to SQL injection attacks (Alexei)
git-svn-id: svn://svn.zabbix.com/trunk@2600 97f52cf1-0a1b-0410-bd0e-c28be96e8082
---
 frontends/php/map.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'frontends/php/map.php')
diff --git a/frontends/php/map.php b/frontends/php/map.php
index c3049e1b..8b10e07e 100644
--- a/frontends/php/map.php
+++ b/frontends/php/map.php
@@ -86,7 +86,7 @@
 # ImageFilledRectangle($im,0,0,$width,$height,$black);
 if($background!="")
 {
- $sql="select image from images where imagetype=2 and name='$background'";
+ $sql="select image from images where imagetype=2 and name='".zbx_ads($background)."'";
 $result2=DBselect($sql);
 if(DBnum_rows($result2)==1)
 {
@@ -286,7 +286,7 @@
 $icons[$icon]=ImageCreateFromPNG("images/sysmaps/old/$icon.png");
 }
 */
- $sql="select image from images where imagetype=1 and name='$icon'";
+ $sql="select image from images where imagetype=1 and name='".zbx_ads($icon)."'";
 $result2=DBselect($sql);
 if(DBnum_rows($result2)!=1)
 {
-- 
cgit
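Review bot: Both rewritten `$sql` lines (the `imagetype=2` lookup in the first hunk and the `imagetype=1` lookup in the second) still build the statement by string concatenation, so the fix depends entirely on `zbx_ads()`, whose definition is not visible in this diff. If it is a generic backslash-escaping helper rather than a backend-aware one, the escaping may not match the string-literal rules of every database the frontend runs on. Confirm that, or pass the name as a bound parameter if `DBselect` can be extended to accept one. Where `$background` and `$icon` originate is also outside both hunks, so a short comment on each line such as `# name is escaped for a single-quoted SQL literal; value origin: <source of $background>` would make the trust boundary explicit. The enclosing blocks start and end outside the hunks, so the handling of `$result2` after the row-count checks was not reviewed.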