AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 02:44:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Code cleanup and fix possible injections when a trusted user is logged in thanks to mwdmeyer, constant_chaos, disclosure5 and rightwayround from /r/msp for pointing these issues out

Browse Source
This commit is contained in:
johnnyq
2021-12-12 13:16:26 -05:00
parent 82ead8a755
commit faf39fc84a
17 changed files with 33 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
clients.php
View File

@@ -48,8 +48,8 @@ if(isset($_GET['order'])){
//Date Filter
if($_GET['canned_date'] == "custom" AND !empty($_GET['date_from'])){
$date_from = $_GET['date_from'];
$date_to = $_GET['date_to'];
$date_from = mysqli_real_escape_string($mysqli,$_GET['date_from']);
$date_to = mysqli_real_escape_string($mysqli,$_GET['date_to']);
}elseif($_GET['canned_date'] == "today"){
$date_from = date('Y-m-d');
$date_to = date('Y-m-d');