From c0a6e54d60d3a8f297cc5f2ef6a862f6f00d746e Mon Sep 17 00:00:00 2001
From: Matt N
Date: Sat, 19 Jan 2019 06:46:21 -0800
Subject: [PATCH] skins/classic/views/control.php second order sqli (#2422)

---
 web/skins/classic/views/control.php | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/web/skins/classic/views/control.php b/web/skins/classic/views/control.php
index d21a629ee..c40740bca 100644
--- a/web/skins/classic/views/control.php
+++ b/web/skins/classic/views/control.php
@@ -23,17 +23,18 @@ if ( !canView( 'Control' ) ) {
   return;
 }
+$params = array();
 $groupSql = '';
 if ( !empty($_REQUEST['group']) ) {
-  $row = dbFetchOne( 'SELECT * FROM Groups WHERE Id = ?', NULL, array($_REQUEST['group']) );
-  $groupSql = " and find_in_set( Id, '".$row['MonitorIds']."' )";
+  $groupSql = " AND gm.GroupId = :groupid";
+  $params[":groupid"] = $_REQUEST['group'];
 }
 $mid = !empty($_REQUEST['mid']) ? validInt($_REQUEST['mid']) : 0;
-$sql = "SELECT * FROM Monitors WHERE Function != 'None' AND Controllable = 1$groupSql ORDER BY Sequence";
+$sql = "SELECT m.* FROM Monitors m INNER JOIN Groups_Monitors AS gm ON m.Id = gm.MonitorId WHERE m.Function != 'None' AND m.Controllable = 1$groupSql ORDER BY Sequence";
 $mids = array();
-foreach( dbFetchAll( $sql ) as $row ) {
+foreach( dbFetchAll( $sql, false, $params ) as $row ) {
   if ( !visibleMonitor( $row['Id'] ) ) {
     continue;
   }