Fixed a vulnerability in the setup.php file and other code cleanups. Thanks to the person who wishes to remain anonymous for reporting and providing a patch. Also added a notice to the readme to not use this web app for production use during beta.

johnnyq
2022-01-01 17:02:31 -05:00
parent a70105e731
commit cf3c0a6410
6 changed files with 68 additions and 57 deletions


@@ -1043,18 +1043,21 @@ if(isset($_POST['add_client'])){
}
//Add Tags
foreach($_POST['tags'] as $tag){
intval($tag);
mysqli_query($mysqli,"INSERT INTO client_tags SET client_id = $client_id, tag_id = $tag");
if(isset($_POST['tags'])){
foreach($_POST['tags'] as $tag){
intval($tag);
mysqli_query($mysqli,"INSERT INTO client_tags SET client_id = $client_id, tag_id = $tag");
}
}
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Client', log_action = 'Create', log_description = '$session_name created $name$extended_log_description', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id");
$_SESSION['alert_message'] = "Client created";
$_SESSION['alert_message'] = "Client <strong>$name</strong> created";
header("Location: clients.php");
exit;
}
if(isset($_POST['edit_client'])){
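Review bot: In the `//Add Tags` loop the call `intval($tag);` discards its return value, so `$tag` still reaches the `INSERT INTO client_tags` query as the raw `$_POST['tags']` element and the statement stays open to SQL injection; the new `isset()` wrapper only avoids the warning when no tags are posted. Assign the result, `$tag = intval($tag);`, or better, bind both values through a prepared statement (`mysqli_prepare` with `client_id = ?, tag_id = ?`). The new alert text also embeds `$name` inside `<strong>` markup, so unless `$name` is HTML-escaped before this point or when the alert is rendered (neither is visible in this hunk), a client name containing markup would be echoed into the page; `htmlspecialchars($name, ENT_QUOTES, 'UTF-8')` at this assignment would cover it. The enclosing `if(isset($_POST['add_client']))` block starts above the hunk, so how `$name` and `$client_id` are prepared is not shown here.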