skins/classic/views/control.php second order sqli (#2422)

This commit is contained in:
Matt N 2019-01-19 06:46:21 -08:00 committed by Isaac Connor
parent 02fd1e79b3
commit c0a6e54d60
1 changed files with 5 additions and 4 deletions


@ -23,17 +23,18 @@ if ( !canView( 'Control' ) ) {
return;
}
$params = array();
$groupSql = '';
if ( !empty($_REQUEST['group']) ) {
$row = dbFetchOne( 'SELECT * FROM Groups WHERE Id = ?', NULL, array($_REQUEST['group']) );
$groupSql = " and find_in_set( Id, '".$row['MonitorIds']."' )";
$groupSql = " AND gm.GroupId = :groupid";
$params[":groupid"] = $_REQUEST['group'];
}
$mid = !empty($_REQUEST['mid']) ? validInt($_REQUEST['mid']) : 0;
$sql = "SELECT * FROM Monitors WHERE Function != 'None' AND Controllable = 1$groupSql ORDER BY Sequence";
$sql = "SELECT m.* FROM Monitors m INNER JOIN Groups_Monitors AS gm ON m.Id = gm.MonitorId WHERE m.Function != 'None' AND m.Controllable = 1$groupSql ORDER BY Sequence";
$mids = array();
foreach( dbFetchAll( $sql ) as $row ) {
foreach( dbFetchAll( $sql, false, $params ) as $row ) {
if ( !visibleMonitor( $row['Id'] ) ) {
continue;
}