Fixed a SQL injection could only work if you had a login thanks disclosure5 for pointing this out from reddit/r/msp

2026-02-28 10:54:52 +00:00 · 2021-12-12 01:22:39 -05:00
parent efb6372190
commit 9e9bb50db0
2 changed files with 3 additions and 3 deletions
--- a/logs.php
+++ b/logs.php
@@ -135,7 +135,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
    </form>
    <hr>
    <div class="table-responsive">
-      <table class="table table-striped table-borderless table-hover">
+      <table class="table table-sm table-striped table-borderless table-hover">
        <thead class="text-dark <?php if($num_rows[0] == 0){ echo "d-none"; } ?>">
          <tr>
            <th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=log_created_at&o=<?php echo $disp; ?>">Timestamp</a></th>