AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 02:44:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Code cleanup and fix possible injections when a trusted user is logged in thanks to mwdmeyer, constant_chaos, disclosure5 and rightwayround from /r/msp for pointing these issues out

Browse Source
This commit is contained in:
johnnyq
2021-12-12 13:16:26 -05:00
parent 82ead8a755
commit faf39fc84a
17 changed files with 33 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
transfers.php
View File

@@ -41,8 +41,8 @@ if(isset($_GET['o'])){
//Date Filter
if($_GET['canned_date'] == "custom" AND !empty($_GET['dtf'])){
$dtf = $_GET['dtf'];
$dtt = $_GET['dtt'];
$dtf = mysqli_real_escape_string($mysqli,$_GET['dtf']);
$dtt = mysqli_real_escape_string($mysqli,$_GET['dtt']);
}elseif($_GET['canned_date'] == "today"){
$dtf = date('Y-m-d');
$dtt = date('Y-m-d');