AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 02:44:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

More Security fixes escaping search and sortby GET vars

Browse Source
This commit is contained in:
johnny@pittpc.com
2019-08-31 15:38:16 -04:00
parent 71decb9332
commit 9050f4b03a
32 changed files with 108 additions and 88 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
client_payments.php
View File

@@ -15,13 +15,13 @@ if(isset($_GET['p'])){
}
if(isset($_GET['q'])){
$q = $_GET['q'];
$q = mysqli_real_escape_string($mysqli,$_GET['q']);
}else{
$q = "";
}
if(!empty($_GET['sb'])){
$sb = $_GET['sb'];
$sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
}else{
$sb = "payment_id";
}
@@ -62,7 +62,7 @@ $total_pages = ceil($total_found_rows / 10);
<input type="hidden" name="client_id" value="<?php echo $client_id; ?>">
<input type="hidden" name="tab" value="<?php echo $_GET['tab']; ?>">
<div class="input-group">
<input type="search" class="form-control " name="q" value="<?php if(isset($q)){echo $q;} ?>" placeholder="Search <?php echo ucwords($_GET['tab']); ?>">
<input type="search" class="form-control " name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search <?php echo ucwords($_GET['tab']); ?>">
<div class="input-group-append">
<button class="btn btn-secondary"><i class="fa fa-search"></i></button>
</div>