[Phpgroupware-cvs] tts/index.php, 1.43.2.7.2.2.2.7
From: nomail
Subject: [Phpgroupware-cvs] tts/index.php, 1.43.2.7.2.2.2.7
Date: Wed, 6 Oct 2004 16:50:17 +0200
Update of /tts
Modified Files:
Branch: Version-0_9_16-branch
index.php
date: 2004/10/06 14:50:17; author: fipsfuchs; state: Exp; lines: +5 -5
Log Message:
more security holes fixed
=====================================================================
Index: tts/index.php
diff -u tts/index.php:1.43.2.7.2.2.2.6 tts/index.php:1.43.2.7.2.2.2.7
--- tts/index.php:1.43.2.7.2.2.2.6 Thu Sep 30 13:27:27 2004
+++ tts/index.php Wed Oct 6 14:50:17 2004
@@ -59,9 +59,9 @@
// select what tickets to view
$filter = $_REQUEST['filter'];
- $start = $_GET['start'];
- $sort = $_GET['sort'];
- $order = $_GET['order'];
+ $start = $_GET['start']; // not used ;-)
+ $sort = $GLOBALS['phpgw']->db->db_addslashes($_GET['sort']);
+ $order = $GLOBALS['phpgw']->db->db_addslashes($_GET['order']);
$searchfilter = $_REQUEST['searchfilter'];
if (!$filter)
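Review bot: On the new $sort and $order lines, db_addslashes() only escapes quote characters, so it protects these values only if they later sit inside a quoted string literal. If they are used as a column name and sort direction in an ORDER BY clause (their use is not visible in this hunk), escaping does not constrain them; compare $sort against a fixed list of allowed column names and accept only asc or desc for $order. The unchanged context lines still read $filter and $searchfilter straight from $_REQUEST, so they need the same treatment wherever they reach a query, and $start, now commented as not used, could be removed instead of assigned.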
@@ -73,7 +73,7 @@
{
if($_POST['ticket']['filter_prio'] != "")
{
- $filterstring = " and ticket_priority like
".$_POST['ticket']['filter_prio'];
+ $filterstring = " and ticket_priority like
".$GLOBALS['phpgw']->db->db_addslashes($_POST['ticket']['filter_prio']);
}
if($_POST['ticket']['filter_owner'] != "")
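Review bot: In the new $filterstring line, the escaped filter_prio value is still concatenated after "like" with no surrounding quotes, so db_addslashes() does not confine it to a literal: a value containing no quote characters passes through unchanged and is parsed as part of the statement. Either place the value inside quotes in the SQL string so the escaping has something to protect, or, if the priority is numeric (an assumption, the column type is not shown here), cast it with (int) before concatenating. The filter_owner branch that begins in the trailing context should be checked for the same pattern.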