AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-18 03:34:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

SQL Escape domain/cert/client/ticket fields to prevent them potentially breaking SQL queries

Browse Source
This commit is contained in:
Marcus Hill
2023-01-02 15:03:56 +00:00
parent f150b3cb27
commit d86285aafd
1 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
cron.php
View File

@@ -58,10 +58,10 @@ while($row = mysqli_fetch_array($sql_companies)){
while($row = mysqli_fetch_array($sql)){ while($row = mysqli_fetch_array($sql)){
$domain_id = $row['domain_id']; $domain_id = $row['domain_id'];
$domain_name = $row['domain_name']; $domain_name = mysqli_real_escape_string($mysqli,$row['domain_name']);
$domain_expire = $row['domain_expire']; $domain_expire = $row['domain_expire'];
$client_id = $row['client_id']; $client_id = $row['client_id'];
$client_name = $row['client_name']; $client_name = mysqli_real_escape_string($mysqli,$row['client_name']);
mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Domain', notification = 'Domain $domain_name for $client_name will expire in $day Days on $domain_expire', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id"); mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Domain', notification = 'Domain $domain_name for $client_name will expire in $day Days on $domain_expire', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id");
@@ -75,7 +75,7 @@ while($row = mysqli_fetch_array($sql_companies)){
foreach($certificateAlertArray as $day){ foreach($certificateAlertArray as $day){
//Get Domains Expiring //Get Certs Expiring
$sql = mysqli_query($mysqli,"SELECT * FROM certificates $sql = mysqli_query($mysqli,"SELECT * FROM certificates
LEFT JOIN clients ON certificate_client_id = client_id LEFT JOIN clients ON certificate_client_id = client_id
WHERE certificate_expire = CURDATE() + INTERVAL $day DAY WHERE certificate_expire = CURDATE() + INTERVAL $day DAY
@@ -84,11 +84,11 @@ while($row = mysqli_fetch_array($sql_companies)){
while($row = mysqli_fetch_array($sql)){ while($row = mysqli_fetch_array($sql)){
$certificate_id = $row['certificate_id']; $certificate_id = $row['certificate_id'];
$certificate_name = $row['certificate_name']; $certificate_name = mysqli_real_escape_string($mysqli,$row['certificate_name']);
$certificate_domain = $row['certificate_domain']; $certificate_domain = $row['certificate_domain']);
$certificate_expire = $row['certificate_expire']; $certificate_expire = $row['certificate_expire'];
$client_id = $row['client_id']; $client_id = $row['client_id'];
$client_name = $row['client_name']; $client_name = mysqli_real_escape_string($mysqli,$row['client_name']);
mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Certificate', notification = 'Certificate $certificate_name for $client_name will expire in $day Days on $certificate_expire', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id"); mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Certificate', notification = 'Certificate $certificate_name for $client_name will expire in $day Days on $certificate_expire', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id");
@@ -111,10 +111,10 @@ while($row = mysqli_fetch_array($sql_companies)){
while($row = mysqli_fetch_array($sql)){ while($row = mysqli_fetch_array($sql)){
$asset_id = $row['asset_id']; $asset_id = $row['asset_id'];
$asset_name = $row['asset_name']; $asset_name = mysqli_real_escape_string($mysqli,$row['asset_name']);
$asset_warranty_expire = $row['asset_warranty_expire']; $asset_warranty_expire = $row['asset_warranty_expire'];
$client_id = $row['client_id']; $client_id = $row['client_id'];
$client_name = $row['client_name']; $client_name = mysqli_real_escape_string($mysqli,$row['client_name']);
mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Asset', notification = 'Asset $asset_name warranty for $client_name will expire in $day Days on $asset_warranty_expire', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id"); mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Asset', notification = 'Asset $asset_name warranty for $client_name will expire in $day Days on $asset_warranty_expire', notification_timestamp = NOW(), notification_client_id = $client_id, company_id = $company_id");
@@ -134,8 +134,8 @@ while($row = mysqli_fetch_array($sql_companies)){
if(mysqli_num_rows($sql_scheduled_tickets) > 0){ if(mysqli_num_rows($sql_scheduled_tickets) > 0){
while($row = mysqli_fetch_array($sql_scheduled_tickets)){ while($row = mysqli_fetch_array($sql_scheduled_tickets)){
$schedule_id = $row['scheduled_ticket_id']; $schedule_id = $row['scheduled_ticket_id'];
$subject = $row['scheduled_ticket_subject']; $subject = mysqli_real_escape_string($mysqli,$row['scheduled_ticket_subject']);
$details = $row['scheduled_ticket_details']; $details = mysqli_real_escape_string($mysqli,$row['scheduled_ticket_details']);
$priority = $row['scheduled_ticket_priority']; $priority = $row['scheduled_ticket_priority'];
$frequency = strtolower($row['scheduled_ticket_frequency']); $frequency = strtolower($row['scheduled_ticket_frequency']);
$created_id = $row['scheduled_ticket_created_by']; $created_id = $row['scheduled_ticket_created_by'];