Security vulnerability

This commit is contained in:
Rhuan Gonzaga 2014-07-01 10:41:31 -03:00
parent 4a1ba0b2c2
commit 790c4c576e


@ -7,9 +7,11 @@ if (user_logged_in() === false) {
include 'layout/overall/header.php'; include 'layout/overall/header.php';
if (isset($_GET['view'])) { $view = (int)$_GET['view'];
if ($view) {
if (!empty($_POST['reply_text'])) { if (!empty($_POST['reply_text'])) {
sanitize($_POST['reply_text']);
// Save ticket reply on database // Save ticket reply on database
$query = array( $query = array(
@ -19,6 +21,9 @@ if (isset($_GET['view'])) {
'created' => time(), 'created' => time(),
); );
//Sanitize array
array_walk($query, 'array_sanitize');
$fields = '`'. implode('`, `', array_keys($query)) .'`'; $fields = '`'. implode('`, `', array_keys($query)) .'`';
$data = '\''. implode('\', \'', $query) .'\''; $data = '\''. implode('\', \'', $query) .'\'';
mysql_insert("INSERT INTO `znote_tickets_replies` ($fields) VALUES ($data)"); mysql_insert("INSERT INTO `znote_tickets_replies` ($fields) VALUES ($data)");
@ -26,7 +31,7 @@ if (isset($_GET['view'])) {
} }
$ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id=". addslashes($_GET['view'])); $ticketData = mysql_select_single("SELECT * FROM znote_tickets WHERE id=". addslashes((int)$_GET['view']));
if($ticketData['owner'] != $session_user_id){ if($ticketData['owner'] != $session_user_id){
echo 'You can not view this ticket!'; echo 'You can not view this ticket!';
@ -55,7 +60,7 @@ die;
</table> </table>
<?php <?php
$replies = mysql_select_multi("SELECT * FROM znote_tickets_replies WHERE tid='". $_GET['view'] ."' ORDER BY `created`;"); $replies = mysql_select_multi("SELECT * FROM znote_tickets_replies WHERE tid='". (int)$_GET['view'] ."' ORDER BY `created`;");
if ($replies !== false) { if ($replies !== false) {
foreach($replies as $reply) { foreach($replies as $reply) {
?> ?>
@ -175,13 +180,16 @@ if (isset($_GET['success']) && empty($_GET['success'])) {
'status' => 'Open' 'status' => 'Open'
); );
//Sanitize array
array_walk($query, 'array_sanitize');
$fields = '`'. implode('`, `', array_keys($query)) .'`'; $fields = '`'. implode('`, `', array_keys($query)) .'`';
$data = '\''. implode('\', \'', $query) .'\''; $data = '\''. implode('\', \'', $query) .'\'';
mysql_insert("INSERT INTO `znote_tickets` ($fields) VALUES ($data)"); mysql_insert("INSERT INTO `znote_tickets` ($fields) VALUES ($data)");
header('Location: helpdesk.php?success'); header('Location: helpdesk.php?success');
exit(); exit();
//End register
} else if (empty($errors) === false){ } else if (empty($errors) === false){
echo '<font color="red"><b>'; echo '<font color="red"><b>';