[security] using prepared query in the panel

This commit is contained in:
Benjamin Sonntag 2016-05-17 18:47:09 +02:00
parent 369ab3bf34
commit 0c505e8b6c
1 changed files with 4 additions and 4 deletions


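--- a/PATH-NOT-SHOWN-ON-PAGE
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -45,7 +45,7 @@ else
 {
 // Add a user to a piwik website
 if ($site_id != -1 && $right !== FALSE) {
-$db->query("SELECT COUNT(*) AS ok FROM piwik_sites WHERE uid='$cuid' AND piwik_id='$site_id'");
+$db->query("SELECT COUNT(*) AS ok FROM piwik_sites WHERE uid=? AND piwik_id=?;",array($cuid,$site_id));
 $db->next_record();
 if ($db->f('ok')!=1)
 {
@@ -53,7 +53,7 @@ else
 }
 else
 {
-$db->query("SELECT COUNT(*) AS ok FROM piwik_users WHERE uid='$cuid' AND login='$user_name'");
+$db->query("SELECT COUNT(*) AS ok FROM piwik_users WHERE uid=? AND login=?",array($cuid,$user_name));
 $db->next_record();
 if ($db->f('ok')!=1)
 {
@@ -79,7 +79,7 @@ else
 }
 $user_piwik_sites = array();
-$db->query("SELECT piwik_id FROM piwik_sites WHERE uid='$cuid'");
+$db->query("SELECT piwik_id FROM piwik_sites WHERE uid=?",array($cuid));
 while ($db->next_record())
 array_push($user_piwik_sites, $db->f('piwik_id'));
 // Weird behaviour of php: array_push products an array such as:
@@ -89,7 +89,7 @@ else
 $user_piwik_sites = array_flip($user_piwik_sites);
 $user_piwik_users = array();
-$db->query("SELECT login FROM piwik_users WHERE uid='$cuid'");
+$db->query("SELECT login FROM piwik_users WHERE uid=?",arary($cuid));
 while ($db->next_record())
 array_push ($user_piwik_users, $db->f('login'));
 // Swap keys and values, see user_piwik_sites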
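Review bot: The new line in the fourth hunk spells the array constructor `arary($cuid)`, so the piwik_users lookup now aborts with a call to an undefined function instead of running the query; it should read `$db->query("SELECT login FROM piwik_users WHERE uid=?",array($cuid));`. The other three hunks bind their parameters consistently, though the first one leaves a stray `;` inside the SQL string that the others do not have. The parameterisation is only as strong as the `$db->query()` wrapper that receives the second argument, which is not shown here; worth confirming it actually binds the values rather than interpolating them into the string. The enclosing `else` branch starts and ends outside these hunks.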