From 2d94062cca0d0577eac319909507335c3cc937bd Mon Sep 17 00:00:00 2001 From: Alexey Melnichuk Date: Tue, 25 Aug 2015 16:49:56 +0400 Subject: [PATCH] Fix. Escape hostname string. --- app/sip_status/sip_status.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/sip_status/sip_status.php b/app/sip_status/sip_status.php index abb921be11..1ad33c4e78 100644 --- a/app/sip_status/sip_status.php +++ b/app/sip_status/sip_status.php @@ -108,7 +108,7 @@ if ($_GET['a'] == "download") { $sql = "select sip_profile_name from v_sip_profiles "; $sql .= "where sip_profile_enabled = 'true' "; if ($hostname) { - $sql .= "and (sip_profile_hostname = '" . $hostname . "' "; + $sql .= "and (sip_profile_hostname = '" . check_str($hostname) . "' "; $sql .= "or sip_profile_hostname = '' "; $sql .= "or sip_profile_hostname is null ) "; }