Changeset 2418
- Timestamp:
- 09/13/06 21:55:34 (2 years ago)
- Files:
-
- freepbx/trunk (modified) (1 prop)
- freepbx/trunk/amp_conf/htdocs/admin/cdr/about.php (modified) (1 diff)
- freepbx/trunk/amp_conf/htdocs/admin/cdr/call-comp.php (modified) (1 diff)
- freepbx/trunk/amp_conf/htdocs/admin/cdr/call-daily-load.php (modified) (1 diff)
- freepbx/trunk/amp_conf/htdocs/admin/cdr/call-last-month.php (modified) (1 diff)
- freepbx/trunk/amp_conf/htdocs/admin/cdr/cdr.php (modified) (1 diff)
- freepbx/trunk/amp_conf/htdocs/admin/cdr/graph_hourdetail.php (modified) (1 diff)
- freepbx/trunk/amp_conf/htdocs/admin/cdr/graph_pie.php (modified) (1 diff)
- freepbx/trunk/amp_conf/htdocs/admin/cdr/graph_stat.php (modified) (1 diff)
- freepbx/trunk/amp_conf/htdocs/admin/cdr/graph_statbar.php (modified) (1 diff)
freepbx/trunk
- Property svnmerge-integrated changed from /freepbx/branches/2.1:1-2057,2059,2061-2078,2282,2287 to /freepbx/branches/2.1:1-2057,2059,2061-2078,2282,2287,2413
freepbx/trunk/amp_conf/htdocs/admin/cdr/about.php
r926 r2418 9 9 if (isset($_POST[$test_var])) { 10 10 global $$test_var; 11 $$test_var = $_POST[$test_var];11 $$test_var = mysql_real_escape_string($_POST[$test_var]); 12 12 } elseif (isset($_GET[$test_var])) { 13 13 global $$test_var; 14 $$test_var = $_GET[$test_var];14 $$test_var = mysql_real_escape_string($_GET[$test_var]); 15 15 } 16 16 } freepbx/trunk/amp_conf/htdocs/admin/cdr/call-comp.php
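Review bot: The values assigned to `$$test_var` at new lines 11 and 14 are SQL-escaped once, at the point where the request is copied into globals, so they are only protected where they later land inside a quoted SQL string literal. mysql_real_escape_string does nothing for a value used in a numeric or identifier position (for example a LIMIT or ORDER BY built from one of these globals), and the same globals will carry stray backslashes if they are echoed back into a form, where htmlspecialchars is the right encoding. If magic_quotes_gpc is enabled on the host the values would also end up escaped twice. I would keep the raw value in the global and escape where the query is assembled, documenting it with `// raw request value: escape for SQL or HTML at the point of use`. The enclosing loop starts outside the hunk, and cdr.php (new lines 23 and 26) has the same change.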
r926 r2418 132 132 if (strpos($SQLcmd, 'WHERE') > 0) { $SQLcmd = "$SQLcmd AND "; 133 133 }else{ $SQLcmd = "$SQLcmd WHERE "; } 134 $SQLcmd = "$SQLcmd calldate<'". $_POST['before']."'";134 $SQLcmd = "$SQLcmd calldate<'".mysql_real_escape_string($_POST['before'])."'"; 135 135 } 136 136 if ($_POST['after']) { if (strpos($SQLcmd, 'WHERE') > 0) { $SQLcmd = "$SQLcmd AND "; 137 137 } else { $SQLcmd = "$SQLcmd WHERE "; } 138 $SQLcmd = "$SQLcmd calldate>'". $_POST['after']."'";138 $SQLcmd = "$SQLcmd calldate>'".mysql_real_escape_string($_POST['after'])."'"; 139 139 } 140 140 $SQLcmd = do_field($SQLcmd, 'clid'); freepbx/trunk/amp_conf/htdocs/admin/cdr/call-daily-load.php
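Review bot: `before` and `after` at new lines 134 and 138 are still concatenated into the query as free-form strings, and the escape only holds if a MySQL link is already open when this code runs. mysql_real_escape_string without a link argument uses the last opened connection and returns false when none is usable, and whether a link is open here is not visible in the hunk. Both values are compared with `calldate`, so rejecting anything that is not a date is a stronger check. Assuming the form submits `YYYY-MM-DD` with an optional time, something like `if (!preg_match('/^\d{4}-\d{2}-\d{2}( \d{2}:\d{2}(:\d{2})?)?$/', $_POST['before'])) { $_POST['before'] = ''; }` placed ahead of the enclosing `if`, which starts outside the hunk, would do it. The same pattern is in call-daily-load.php, call-last-month.php (`after` only), graph_hourdetail.php and, reading from `$_GET`, the three graph_pie/graph_stat/graph_statbar files.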
r926 r2418 129 129 if (strpos($SQLcmd, 'WHERE') > 0) { $SQLcmd = "$SQLcmd AND "; 130 130 }else{ $SQLcmd = "$SQLcmd WHERE "; } 131 $SQLcmd = "$SQLcmd calldate<'". $_POST['before']."'";131 $SQLcmd = "$SQLcmd calldate<'".mysql_real_escape_string($_POST['before'])."'"; 132 132 } 133 133 if ($_POST['after']) { if (strpos($SQLcmd, 'WHERE') > 0) { $SQLcmd = "$SQLcmd AND "; 134 134 } else { $SQLcmd = "$SQLcmd WHERE "; } 135 $SQLcmd = "$SQLcmd calldate>'". $_POST['after']."'";135 $SQLcmd = "$SQLcmd calldate>'".mysql_real_escape_string($_POST['after'])."'"; 136 136 } 137 137 $SQLcmd = do_field($SQLcmd, 'clid'); freepbx/trunk/amp_conf/htdocs/admin/cdr/call-last-month.php
r926 r2418 135 135 if ($_POST['after']) { if (strpos($SQLcmd, 'WHERE') > 0) { $SQLcmd = "$SQLcmd AND "; 136 136 } else { $SQLcmd = "$SQLcmd WHERE "; } 137 $SQLcmd = "$SQLcmd calldate>'". $_POST['after']."'";137 $SQLcmd = "$SQLcmd calldate>'".mysql_real_escape_string($_POST['after'])."'"; 138 138 } 139 139 $SQLcmd = do_field($SQLcmd, 'clid'); freepbx/trunk/amp_conf/htdocs/admin/cdr/cdr.php
r926 r2418 21 21 if (isset($_POST[$test_var])) { 22 22 global $$test_var; 23 $$test_var = $_POST[$test_var];23 $$test_var = mysql_real_escape_string($_POST[$test_var]); 24 24 } elseif (isset($_GET[$test_var])) { 25 25 global $$test_var; 26 $$test_var = $_GET[$test_var];26 $$test_var = mysql_real_escape_string($_GET[$test_var]); 27 27 } 28 28 } freepbx/trunk/amp_conf/htdocs/admin/cdr/graph_hourdetail.php
r173 r2418 84 84 if (strpos($SQLcmd, 'WHERE') > 0) { $SQLcmd = "$SQLcmd AND "; 85 85 }else{ $SQLcmd = "$SQLcmd WHERE "; } 86 $SQLcmd = "$SQLcmd calldate<'". $_POST['before']."'";86 $SQLcmd = "$SQLcmd calldate<'".mysql_real_escape_string($_POST['before'])."'"; 87 87 } 88 88 if ($_POST['after']) { if (strpos($SQLcmd, 'WHERE') > 0) { $SQLcmd = "$SQLcmd AND "; 89 89 } else { $SQLcmd = "$SQLcmd WHERE "; } 90 $SQLcmd = "$SQLcmd calldate>'". $_POST['after']."'";90 $SQLcmd = "$SQLcmd calldate>'".mysql_real_escape_string($_POST['after'])."'"; 91 91 } 92 92 $SQLcmd = do_field($SQLcmd, 'clid'); freepbx/trunk/amp_conf/htdocs/admin/cdr/graph_pie.php
r993 r2418 100 100 if (strpos($SQLcmd, 'WHERE') > 0) { $SQLcmd = "$SQLcmd AND "; 101 101 }else{ $SQLcmd = "$SQLcmd WHERE "; } 102 $SQLcmd = "$SQLcmd calldate<'". $_POST['before']."'";102 $SQLcmd = "$SQLcmd calldate<'".mysql_real_escape_string($_GET['before'])."'"; 103 103 } 104 104 if ($_GET['after']) { if (strpos($SQLcmd, 'WHERE') > 0) { $SQLcmd = "$SQLcmd AND "; 105 105 } else { $SQLcmd = "$SQLcmd WHERE "; } 106 $SQLcmd = "$SQLcmd calldate>'". $_GET['after']."'";106 $SQLcmd = "$SQLcmd calldate>'".mysql_real_escape_string($_GET['after'])."'"; 107 107 } 108 108 $SQLcmd = do_field($SQLcmd, 'clid'); freepbx/trunk/amp_conf/htdocs/admin/cdr/graph_stat.php
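Review bot: New line 102 changes the source of `before` from `$_POST` to `$_GET` in the same edit that adds the escape, but the `if` guarding this clause sits above the hunk and is not shown. If that guard still tests `$_POST['before']`, the clause is either skipped for GET requests or built from an unset key. It is worth confirming the guard reads `if ($_GET['before']) {` to match the visible `if ($_GET['after'])`. The POST-to-GET switch also changes behaviour beyond escaping and deserves a line in the commit message. graph_stat.php and graph_statbar.php (new line 99 in both) carry the same change.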
r351 r2418 97 97 if (strpos($SQLcmd, 'WHERE') > 0) { $SQLcmd = "$SQLcmd AND "; 98 98 }else{ $SQLcmd = "$SQLcmd WHERE "; } 99 $SQLcmd = "$SQLcmd calldate<'". $_POST['before']."'";99 $SQLcmd = "$SQLcmd calldate<'".mysql_real_escape_string($_GET['before'])."'"; 100 100 } 101 101 if ($_GET['after']) { if (strpos($SQLcmd, 'WHERE') > 0) { $SQLcmd = "$SQLcmd AND "; 102 102 } else { $SQLcmd = "$SQLcmd WHERE "; } 103 $SQLcmd = "$SQLcmd calldate>'". $_GET['after']."'";103 $SQLcmd = "$SQLcmd calldate>'".mysql_real_escape_string($_GET['after'])."'"; 104 104 } 105 105 $SQLcmd = do_field($SQLcmd, 'clid'); freepbx/trunk/amp_conf/htdocs/admin/cdr/graph_statbar.php
r173 r2418 97 97 if (strpos($SQLcmd, 'WHERE') > 0) { $SQLcmd = "$SQLcmd AND "; 98 98 }else{ $SQLcmd = "$SQLcmd WHERE "; } 99 $SQLcmd = "$SQLcmd calldate<'". $_POST['before']."'";99 $SQLcmd = "$SQLcmd calldate<'".mysql_real_escape_string($_GET['before'])."'"; 100 100 } 101 101 if ($_GET['after']) { if (strpos($SQLcmd, 'WHERE') > 0) { $SQLcmd = "$SQLcmd AND "; 102 102 } else { $SQLcmd = "$SQLcmd WHERE "; } 103 $SQLcmd = "$SQLcmd calldate>'". $_GET['after']."'";103 $SQLcmd = "$SQLcmd calldate>'".mysql_real_escape_string($_GET['after'])."'"; 104 104 } 105 105 $SQLcmd = do_field($SQLcmd, 'clid');
