fix two queries and corrected escaping of ticket-category, thx to vali

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2013-11-07 10:26:54 +01:00
parent 3e4697eb51
commit d251509beb
3 changed files with 10 additions and 3 deletions


@@ -933,7 +933,7 @@ if ($page == 'customers'
`caneditdomain` = '0', `caneditdomain` = '0',
`openbasedir` = '1', `openbasedir` = '1',
`speciallogfile` = '0', `speciallogfile` = '0',
`specialsettings` = '' `specialsettings` = '',
`add_date` = :adddate" `add_date` = :adddate"
); );
Database::pexecute($ins_stmt, $ins_data); Database::pexecute($ins_stmt, $ins_data);
@@ -1285,7 +1285,7 @@ if ($page == 'customers'
`caneditdomain` = '0', `caneditdomain` = '0',
`openbasedir` = '1', `openbasedir` = '1',
`speciallogfile` = '0', `speciallogfile` = '0',
`specialsettings` = '' `specialsettings` = '',
`add_date` = :adddate" `add_date` = :adddate"
); );
Database::pexecute($ins_stmt, $ins_data); Database::pexecute($ins_stmt, $ins_data);
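Review bot: The same column-assignment list appears verbatim in the hunks at -933 and -1285, and the missing comma after `` `specialsettings` = '' `` had to be patched in both places; keeping one copy of the shared default assignments (a single string fragment, or a helper that returns the prepared `$ins_stmt`) would stop the two queries drifting apart again. The fix itself is right: `` `specialsettings` = '', `` now separates that column from the `add_date` assignment. The statements that build `$ins_stmt` start before each hunk, so the full query text is not visible here.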


@@ -372,6 +372,8 @@ if ($page == 'tickets'
$subject = $subticket->Get('subject'); $subject = $subticket->Get('subject');
$message = $subticket->Get('message'); $message = $subticket->Get('message');
$row2 = htmlentities_array($row2);
eval("\$ticket_replies.=\"" . getTemplate("tickets/tickets_tickets_list") . "\";"); eval("\$ticket_replies.=\"" . getTemplate("tickets/tickets_tickets_list") . "\";");
} }
@@ -574,6 +576,7 @@ if ($page == 'tickets'
SELECT * FROM `' . TABLE_PANEL_TICKET_CATS . '` WHERE `id` = :id' SELECT * FROM `' . TABLE_PANEL_TICKET_CATS . '` WHERE `id` = :id'
); );
$row = Database::pexecute_first($row_stmt, array('id' => $id)); $row = Database::pexecute_first($row_stmt, array('id' => $id));
$row = htmlentities_array($row);
$category_edit_data = include_once dirname(__FILE__).'/lib/formfields/admin/tickets/formfield.category_edit.php'; $category_edit_data = include_once dirname(__FILE__).'/lib/formfields/admin/tickets/formfield.category_edit.php';
$category_edit_form = htmlform::genHTMLForm($category_edit_data); $category_edit_form = htmlform::genHTMLForm($category_edit_data);
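Review bot: The new `$row2 = htmlentities_array($row2);` covers only `$row2`, while `$subject` and `$message` are read from `$subticket->Get(...)` two lines earlier and are not escaped anywhere in the hunk; if the `tickets/tickets_tickets_list` template interpolates those two variables (it is evaluated with `eval` on the following line), they still reach the output unescaped. Escaping them at the same point, e.g. `$subject = htmlentities($subject); $message = htmlentities($message);`, or reading them from the already-escaped array, would keep the whole template under one rule. Whether the template uses them cannot be seen from the hunk. In the second hunk, `$row = htmlentities_array($row);` runs before `pexecute_first`'s result is checked; if it can return `false` for an unknown `:id`, the helper receives a non-array, so a guard or a comment on what `htmlentities_array` does with that would help. Both hunks sit inside the `if ($page == 'tickets'` block that starts before them.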


@@ -62,7 +62,11 @@ if ($page == 'overview' || $page == 'customers') {
WHERE `customerid` = :id" . WHERE `customerid` = :id" .
($userinfo['customers_see_all'] ? '' : " AND `adminid` = :adminid") ($userinfo['customers_see_all'] ? '' : " AND `adminid` = :adminid")
); );
Database::pexecute($result_stmt, array('id' => $id, 'adminid' => $userinfo['adminid'])); $params = array('id' => $id);
if ($userinfo['customers_see_all'] == '0') {
$params['adminid'] = $userinfo['adminid'];
}
Database::pexecute($result_stmt, params);
$result = $result_stmt->fetch(PDO::FETCH_ASSOC); $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
if ($result['loginname'] != '') { if ($result['loginname'] != '') {
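Review bot: `Database::pexecute($result_stmt, params);` passes the bare identifier `params` instead of the `$params` array built on the four lines above, so the statement is executed with an undefined constant (falling back to a string) rather than the bound values; it should read `Database::pexecute($result_stmt, $params);`. The guard `if ($userinfo['customers_see_all'] == '0')` also does not mirror the truthiness test that decides whether `AND \`adminid\` = :adminid` is appended to the query text: should `customers_see_all` ever be empty or null, the placeholder is in the SQL but no `adminid` parameter is bound and the execute fails. Using the same test on both sides, `if (!$userinfo['customers_see_all']) {`, keeps the bound parameters in step with the query. The `prepare` call and the enclosing `if ($page == 'overview' || ...)` block begin before the hunk.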