Digitalstack/ZnoteAAC
2
0
Fork 0
mirror of https://github.com/Znote/ZnoteAAC.git synced 2025-04-30 03:09:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

Security vulnerability

Browse Source
This commit is contained in:
Rhuan Gonzaga 2014-07-01 10:39:16 -03:00
parent 93c42dfe04
commit 4a1ba0b2c2
1 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
admin_helpdesk.php
View File

@ -2,9 +2,12 @@
protect_page(); protect_page();
admin_only($user_data); admin_only($user_data);
if (isset($_GET['view'])) { // Declare as int
$view = (int)$_GET['view'];
if ($view){
if (!empty($_POST['reply_text'])) { if (!empty($_POST['reply_text'])) {
sanitize($_POST['reply_text']);
// Save ticket reply on database // Save ticket reply on database
$query = array( $query = array(
@ -14,6 +17,9 @@ if (isset($_GET['view'])) {
'created' => time(), 'created' => time(),
); );
//Sanitize array
array_walk($query, 'array_sanitize');
$fields = '`'. implode('`, `', array_keys($query)) .'`'; $fields = '`'. implode('`, `', array_keys($query)) .'`';
$data = '\''. implode('\', \'', $query) .'\''; $data = '\''. implode('\', \'', $query) .'\'';
mysql_insert("INSERT INTO `znote_tickets_replies` ($fields) VALUES ($data)"); mysql_insert("INSERT INTO `znote_tickets_replies` ($fields) VALUES ($data)");
@ -21,7 +27,7 @@ if (isset($_GET['view'])) {
} }
$ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id=". addslashes($_GET['view'])); $ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id=". addslashes((int)$_GET['view']));
?> ?>
<h1>View Ticket #<?php echo $ticketData['id']; ?></h1> <h1>View Ticket #<?php echo $ticketData['id']; ?></h1>
@ -46,7 +52,7 @@ $ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id=". addsl
</table> </table>
<?php <?php
$replies = mysql_select_multi("SELECT * FROM znote_tickets_replies WHERE tid='". $_GET['view'] ."' ORDER BY `created`;"); $replies = mysql_select_multi("SELECT * FROM znote_tickets_replies WHERE tid='". addslashes((int)$_GET['view']) ."' ORDER BY `created`;");
if ($replies !== false) { if ($replies !== false) {
foreach($replies as $reply) { foreach($replies as $reply) {
?> ?>