
[Phpgroupware-cvs] tts/index.php, 1.49


From: nomail
Subject: [Phpgroupware-cvs] tts/index.php, 1.49
Date: Mon, 11 Oct 2004 17:42:50 +0200

Update of /tts
Modified Files:
        Branch: 
          index.php

date: 2004/10/11 15:42:50;  author: fipsfuchs;  state: Exp;  lines: +7 -7

Log Message:
security update
=====================================================================
Index: tts/index.php
diff -u tts/index.php:1.48 tts/index.php:1.49
--- tts/index.php:1.48  Mon Oct 11 09:43:14 2004
+++ tts/index.php       Mon Oct 11 15:42:50 2004
@@ -57,8 +57,8 @@
        
        // select what tickets to view
        $start  = $_GET['start'];
-       $sort   = $_GET['sort'];  // security hole
-       $order  = $_GET['order']; // security hole
+       $sort   = $GLOBALS['phpgw']->db->db_addslashes($_GET['sort']);
+       $order  = $GLOBALS['phpgw']->db->db_addslashes($_GET['order']);
        $_REQUEST['ticket']['filter_status'] = 
!strlen($_REQUEST['ticket']['filter_status']) ? 'open' : 
$_REQUEST['ticket']['filter_status']; 
                        
        $GLOBALS['phpgw']->preferences->read_repository();
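Review bot: db_addslashes() on the new `$sort` and `$order` lines only escapes quote and backslash characters, which does not help where the value is interpolated unquoted — the later show_sort_order() calls in this file treat `$sort` as a column name and `$order` as a direction, and if they reach an ORDER BY clause (the removed lines' "security hole" comments suggest they did) an injection payload containing no quotes passes through unchanged. Identifiers and keywords cannot be escaped; they have to be validated against an allow-list of the columns the page actually sorts on. `$start` on the line above is still taken raw from `$_GET` and should be cast to int for the same reason. The default column and the full column list below are guesses from the three names visible in this file; use whatever the rest of index.php expects.
```php
$start  = (int) $_GET['start'];
// Column names and ASC/DESC cannot be escaped; accept only known values.
$allowed_sort = array('ticket_id', 'ticket_priority', 'ticket_group');  // extend to the other sortable columns
$sort  = in_array($_GET['sort'], $allowed_sort) ? $_GET['sort'] : 'ticket_id';
$order = (strtoupper($_GET['order']) == 'ASC') ? 'ASC' : 'DESC';
// … unchanged: filter_status default, preferences …
```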
@@ -74,7 +74,7 @@
        $filterstring = '';
        if($_REQUEST['ticket']['filter_prio'] != '')
        {
-               $filterstring .= 'ticket_priority LIKE 
'.$_POST['ticket']['filter_prio'].' AND '; //security hole
+               $filterstring .= 'ticket_priority LIKE 
'.$GLOBALS['phpgw']->db->db_addslashes($_POST['ticket']['filter_prio']).' AND 
'; //security hole
        }
 
        if($_REQUEST['ticket']['filter_owner'] != '')
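Review bot: The rewritten filter_prio line concatenates the escaped value into the SQL without surrounding quotes, so db_addslashes() does not change what an attacker can do — there is no quote to break out of, and an input such as `1 OR 1=1` is passed through untouched. If ticket_priority is a numeric column (confirm against the schema) cast it instead, `'ticket_priority = '.(int) $_POST['ticket']['filter_prio'].' AND '`; if it is a string column, quote it, `"ticket_priority LIKE '".$GLOBALS['phpgw']->db->db_addslashes($_POST['ticket']['filter_prio'])."' AND "`. Note also that the guard on the `if` reads `$_REQUEST['ticket']['filter_prio']` while the body reads `$_POST['ticket']['filter_prio']`, so a GET request enters the branch with an empty value and emits `ticket_priority LIKE  AND`; use the same source in both places. The trailing `//security hole` comment was kept on the fixed line and now reads as if the issue were still open; drop it.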
@@ -142,8 +142,8 @@
        $GLOBALS['phpgw']->template->set_var('tts_ticketsopen', lang('Tickets 
open %1',$numopen));
        
        // fill header
-       
$GLOBALS['phpgw']->template->set_var('tts_head_bgcolor',$GLOBALS['phpgw_info']['theme']['th_bg']
 );
-       
$GLOBALS['phpgw']->template->set_var('th_bg',$GLOBALS['phpgw_info']['theme']['th_bg']
 );
+       $GLOBALS['phpgw']->template->set_var('tts_head_bgcolor', 
$GLOBALS['phpgw_info']['theme']['th_bg'] );
+       $GLOBALS['phpgw']->template->set_var('th_bg', 
$GLOBALS['phpgw_info']['theme']['th_bg'] );
        $GLOBALS['phpgw']->template->set_var('tts_head_ticket', 
$GLOBALS['phpgw']->nextmatchs->show_sort_order($sort,'ticket_id',$order,'/tts/index.php','#'));
        $GLOBALS['phpgw']->template->set_var('tts_head_prio', 
$GLOBALS['phpgw']->nextmatchs->show_sort_order($sort,'ticket_priority',$order,'/tts/index.php',lang('Prio')));
        
$GLOBALS['phpgw']->template->set_var('tts_head_group',$GLOBALS['phpgw']->nextmatchs->show_sort_order($sort,'ticket_group',$order,'/tts/index.php',lang('Group')));
@@ -261,7 +261,7 @@
 //                             
$GLOBALS['phpgw']->template->set_var('tts_t_timestampclosed',$assigned_to);
                                
$GLOBALS['phpgw']->template->set_var('tts_t_timestampclosed',lang('Open'));
                        }
-                       $GLOBALS['phpgw']->template->set_var('tts_t_subject', 
$GLOBALS['phpgw']->db->f('ticket_subject'));
+                       $GLOBALS['phpgw']->template->set_var('tts_t_subject', 
htmlspecialchars(stripslashes($GLOBALS['phpgw']->db->f('ticket_subject'))));
                        $GLOBALS['phpgw']->template->set_var('tts_t_prio', 
$prio);
 
                        
$GLOBALS['phpgw']->template->parse('rows','tts_row',True);
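Review bot: stripslashes() on the new tts_t_subject line is applied to a value read straight from the database, which only makes sense if subjects are being stored with their escaping slashes still in them; if so the defect is on the write path (likely double escaping with db_addslashes under magic_quotes), and stripping on output also destroys any literal backslash a user typed into a subject. Fix the storage side and render with `htmlspecialchars($GLOBALS['phpgw']->db->f('ticket_subject'), ENT_QUOTES)`; without ENT_QUOTES a single quote is left unescaped, which matters if the template ever places the subject inside a single-quoted attribute. The other per-row values set in this loop (`$prio`, the timestamp strings) are not escaped here; whether they need to be depends on where they are computed, which is outside the hunk. The enclosing loop starts and ends outside the hunk.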



