Changeset 6579

Timestamp:
09/06/08 08:28:11 (3 months ago)
Author:
p_lindheimer
Message:

additional sanity checks on callmonitor sql parameters

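--- a/freepbx/branches/2.5/amp_conf/htdocs/recordings/includes/display.php
+++ b/freepbx/branches/2.5/amp_conf/htdocs/recordings/includes/display.php
@@ -171,6 +171,6 @@
 function displayNavigationBlock($m,$q,$url_opts,$start,$span,$total) {
 
-    $start = $start=='' ? 0 : $start
-    $span = $span=='' ? 15 : $span
+    $start = ($start=='' || !ctype_digit($start)) ? 0 : $start
+    $span = ($span=='' || !ctype_digit($span)) ? 15 : $span
 
     $total_pages = ceil($total/$span);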
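Review bot: `ctype_digit` accepts the string `'0'`, so a request supplying span=0 passes the new check on the `$span` line and reaches `ceil($total/$span)` two lines below, where it divides by zero; the identical guard added to callmonitor.module (its lines 117-118) has the same gap. Separately, `ctype_digit` given an integer argument tests the character with that ASCII code rather than the decimal digits, so a caller passing an int `$span` of 100 would see it reset to 15 while 50 would be kept; casting to string first removes that surprise. A tighter version of the line is `$span = ($span=='' || !ctype_digit((string)$span) || (int)$span < 1) ? 15 : $span`. The body of displayNavigationBlock continues past the end of the hunk.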
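--- a/freepbx/branches/2.5/amp_conf/htdocs/recordings/modules/callmonitor.module
+++ b/freepbx/branches/2.5/amp_conf/htdocs/recordings/modules/callmonitor.module
@@ -115,8 +115,8 @@
     $duration_filter = getArgument($args,'duration_filter');
 
-    $start = $start=='' ? 0 : $start;
-    $span = $span=='' ? 15 : $span;
+    $start = ($start=='' || !ctype_digit($start)) ? 0 : $start;
+    $span = ($span=='' || !ctype_digit($span)) ? 15 : $span;
     $order = $order=='' ? 'calldate' : $order;
-    $sort = $sort=='' ? 'desc' : $sort
+    $sort = ($sort=='' || strtolower($sort) == 'desc') ? 'desc' : 'asc'
 
     $displayname = $_SESSION['ari_user']['displayname'];
@@ -552,4 +552,6 @@
   */
  function getSearchText($q,$duration_filter) {
+
+    $duration_filter = ctype_digit($duration_filter) ? $duration_filter : 0;
 
     // search text
@@ -668,4 +670,5 @@
 
     $dbh = $_SESSION['dbh_cdr'];
+    $order = $dbh->escapeSimple($order);
     $sql = "SELECT *
             FROM " . $ASTERISKCDR_DBTABLE . "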
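Review bot: `escapeSimple($order)` in the last hunk only escapes quote characters for use inside a quoted SQL string literal, but `$order` is a column name that presumably ends up unquoted in an `ORDER BY` clause of the `$sql` built below (the statement continues outside the hunk), a position where quote-escaping does not constrain what is interpolated. The `$sort` line in the first hunk already takes the right approach by collapsing any input to `'desc'` or `'asc'`; `$order` should be validated the same way against a fixed list of the CDR table's sortable columns instead of being escaped, e.g. `$order = in_array($order, $sortable_columns, true) ? $order : 'calldate';` where `$sortable_columns` is a placeholder for the permitted column names. The function enclosing the third hunk begins and ends outside the hunk.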