Code cleanup and fix possible injections when a trusted user is logged in thanks to mwdmeyer, constant_chaos, disclosure5 and rightwayround from /r/msp for pointing these issues out

2026-02-28 10:54:52 +00:00 · 2021-12-12 13:16:26 -05:00
parent 82ead8a755
commit faf39fc84a
17 changed files with 33 additions and 40 deletions
--- a/assets.php
+++ b/assets.php
@@ -41,8 +41,8 @@ if(isset($_GET['o'])){

 //Date From and Date To Filter
 if(!empty($_GET['dtf'])){
-  $dtf = $_GET['dtf'];
-  $dtt = $_GET['dtt'];
+  $dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']);
+  $dtt = mysqli_real_escape_string($mysqli,$_GET['dtt']);
 }else{
  $dtf = "0000-00-00";
  $dtt = "9999-00-00";