Merge branch 'fix_sql_injection' into storageareas

Isaac Connor 2016-12-08 15:52:52 -05:00
commit f68c73b4a8
1 changed files with 3 additions and 3 deletions


@ -46,7 +46,7 @@ switch ( $_REQUEST['task'] )
$maxTime = isset($_POST['maxTime'])?$_POST['maxTime']:NULL; $maxTime = isset($_POST['maxTime'])?$_POST['maxTime']:NULL;
$limit = 100; $limit = 100;
if ( isset($_POST['limit']) ) { if ( isset($_POST['limit']) ) {
if ( ! is_integer( $_POST['limit'] ) ) { if ( ( !is_integer( $_POST['limit'] ) and !ctype_digit($_POST['limit']) ) ) {
Error("Invalid value for limit " . ?$_POST['limit'] ); Error("Invalid value for limit " . ?$_POST['limit'] );
} else { } else {
$limit = $_POST['limit']; $limit = $_POST['limit'];
@ -57,7 +57,7 @@ switch ( $_REQUEST['task'] )
if ( ! in_array( $_POST['sortField'], $filterFields ) and ( $_POST['sortField'] != 'TimeKey' ) ) { if ( ! in_array( $_POST['sortField'], $filterFields ) and ( $_POST['sortField'] != 'TimeKey' ) ) {
Error("Invalid sort field " . $_POST['sortField'] ); Error("Invalid sort field " . $_POST['sortField'] );
} else { } else {
$sortField = $_POST['sortField'] $sortField = $_POST['sortField'];
} }
} }
$sortOrder = (isset($_POST['sortOrder']) and $_POST['sortOrder']) == 'asc' ? 'asc':'desc'; $sortOrder = (isset($_POST['sortOrder']) and $_POST['sortOrder']) == 'asc' ? 'asc':'desc';
@ -173,7 +173,7 @@ switch ( $_REQUEST['task'] )
if ( ! in_array( $_POST['sortField'], $filterFields ) and ( $_POST['sortField'] != 'TimeKey' ) ) { if ( ! in_array( $_POST['sortField'], $filterFields ) and ( $_POST['sortField'] != 'TimeKey' ) ) {
Error("Invalid sort field " . $_POST['sortField'] ); Error("Invalid sort field " . $_POST['sortField'] );
} else { } else {
$sortField = $_POST['sortField'] $sortField = $_POST['sortField'];
} }
} }
$sortOrder = (isset($_POST['sortOrder']) and $_POST['sortOrder']) == 'asc' ? 'asc':'desc'; $sortOrder = (isset($_POST['sortOrder']) and $_POST['sortOrder']) == 'asc' ? 'asc':'desc';
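Review bot: In the first hunk the accepted `limit` is still assigned as the raw request string, and `ctype_digit` puts no ceiling on it, so an arbitrarily long digit string passes the check; assigning `$limit = (int)$_POST['limit'];` and capping it at a maximum the project chooses would guarantee a bounded integer whatever the check above later becomes. The `Error("Invalid value for limit " . ?$_POST['limit'] );` line, as rendered on both sides, has a stray `?` before `$_POST` that would be a parse error if it is really in the file, so that is worth confirming. In the second and third hunks the context line `(isset($_POST['sortOrder']) and $_POST['sortOrder']) == 'asc'` compares the boolean result of the `and` with `'asc'`, so any non-empty sortOrder appears to select `'asc'`; the value stays within asc/desc, but `isset($_POST['sortOrder']) and $_POST['sortOrder'] == 'asc'` is presumably what was meant. The enclosing switch cases start and end outside these hunks, so how `$limit` and `$sortField` reach the query is not visible here.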