skins/classic/views/control.php second order sqli (#2422)
parent
02fd1e79b3
commit
c0a6e54d60
|
@ -23,17 +23,18 @@ if ( !canView( 'Control' ) ) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$params = array();
|
||||||
$groupSql = '';
|
$groupSql = '';
|
||||||
if ( !empty($_REQUEST['group']) ) {
|
if ( !empty($_REQUEST['group']) ) {
|
||||||
$row = dbFetchOne( 'SELECT * FROM Groups WHERE Id = ?', NULL, array($_REQUEST['group']) );
|
$groupSql = " AND gm.GroupId = :groupid";
|
||||||
$groupSql = " and find_in_set( Id, '".$row['MonitorIds']."' )";
|
$params[":groupid"] = $_REQUEST['group'];
|
||||||
}
|
}
|
||||||
|
|
||||||
$mid = !empty($_REQUEST['mid']) ? validInt($_REQUEST['mid']) : 0;
|
$mid = !empty($_REQUEST['mid']) ? validInt($_REQUEST['mid']) : 0;
|
||||||
|
|
||||||
$sql = "SELECT * FROM Monitors WHERE Function != 'None' AND Controllable = 1$groupSql ORDER BY Sequence";
|
$sql = "SELECT m.* FROM Monitors m INNER JOIN Groups_Monitors AS gm ON m.Id = gm.MonitorId WHERE m.Function != 'None' AND m.Controllable = 1$groupSql ORDER BY Sequence";
|
||||||
$mids = array();
|
$mids = array();
|
||||||
foreach( dbFetchAll( $sql ) as $row ) {
|
foreach( dbFetchAll( $sql, false, $params ) as $row ) {
|
||||||
if ( !visibleMonitor( $row['Id'] ) ) {
|
if ( !visibleMonitor( $row['Id'] ) ) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
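Review bot: The `INNER JOIN Groups_Monitors AS gm` in the new `$sql` is unconditional, so when no `group` is requested the query returns only monitors that belong to at least one group, with one row per membership for monitors in several groups. The old query listed every controllable monitor in that case. Binding `:groupid` is the right fix for the injection, but the group restriction can stay inside `$groupSql`: `$groupSql = " AND m.Id IN (SELECT MonitorId FROM Groups_Monitors WHERE GroupId = :groupid)";` with `$sql = "SELECT m.* FROM Monitors m WHERE m.Function != 'None' AND m.Controllable = 1$groupSql ORDER BY Sequence";`. Whether the duplicate rows matter depends on how the `foreach` body fills `$mids`, which continues outside the hunk.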