DB and protection (#6696)

So this small change has 2 purposes.
First, I found out the hard way that PHP PDO is not always coded with the same criteria between versions and databases. While PDO PGSQL on PHP 8.x may work, PDO SQLITE on PHP 7.4 may not, and so on. This will make sure that the value there is an integer.

Second, since these two values are taken from $_GET, which is in the URL string, it will protect against "imaginative" users.
Luis Daniel Lucio Quiroz
2023-05-16 15:05:07 -04:00
committed by GitHub
parent ab29d70f40
commit 3f544496b7
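Added example, not code from the commit above or from the project it belongs to: it shows the two concerns the commit message raises (driver-independent integer binding and untrusted `$_GET` input) handled together, by validating and clamping the pagination values and binding them with an explicit `PDO::PARAM_INT`. The table, rows and request values are constructed for the example, and an in-memory SQLite database is assumed so it runs stand-alone.

```php
<?php
// Added example (not part of the commit above): harden pagination values
// that arrive via $_GET before they reach a LIMIT/OFFSET clause.
declare(strict_types=1);

/**
 * Validate a pagination value taken from the query string.
 * Anything that is not an integer inside [$min, $max] falls back to $default,
 * so "10 OR 1=1", "-5" or "" never reach the query.
 */
function pagination_int(?string $raw, int $default, int $min, int $max): int
{
    $value = filter_var($raw ?? '', FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    return $value === false ? $default : $value;
}

// Constructed sample request: a user who has edited the URL by hand.
$_GET = ['rows_per_page' => '10 OR 1=1', 'offset' => '-5'];

$rows_per_page = pagination_int($_GET['rows_per_page'] ?? null, 50, 1, 500);
$offset        = pagination_int($_GET['offset'] ?? null, 0, 0, PHP_INT_MAX);

// Constructed data set so the query has something to page over.
$db = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$db->exec('CREATE TABLE sample_rows (id INTEGER PRIMARY KEY, label TEXT)');
$insert = $db->prepare('INSERT INTO sample_rows (label) VALUES (:label)');
for ($i = 1; $i <= 80; $i++) {
    $insert->execute([':label' => "row-$i"]);
}

$sql  = 'SELECT label FROM sample_rows ORDER BY id LIMIT :limit OFFSET :offset';
$stmt = $db->prepare($sql);
// Bind with an explicit integer type: execute($array) would bind every value
// as PDO::PARAM_STR, and a driver that emulates prepares may then quote it.
$stmt->bindValue(':limit', $rows_per_page, PDO::PARAM_INT);
$stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
$stmt->execute();

$rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
printf("limit=%d offset=%d -> %d rows, first=%s\n",
    $rows_per_page, $offset, count($rows), $rows[0] ?? '(none)');
```

The cast in the commit fixes the PHP type; the validation step above additionally rejects values that are integers but still unusable (negative offsets, a limit of zero or of several million), which otherwise surface as a database error or an oversized result set.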


@@ -591,8 +591,8 @@
}
else {
$sql .= " limit :limit offset :offset \n";
$parameters['limit'] = $rows_per_page;
$parameters['offset'] = $offset;
$parameters['limit'] = intval($rows_per_page);
$parameters['offset'] = intval($offset);
}
}
$sql = str_replace(" ", " ", $sql);
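Review bot: `intval()` on the two `$parameters` entries guarantees a PHP integer, but it does not reject values that are integers and still invalid: a negative `$offset`, or a zero or huge `$rows_per_page`, is passed through unchanged and still comes from the URL. Consider clamping as well, e.g. `$parameters['offset'] = max(0, intval($offset));` and bounding `$rows_per_page` to a sane positive range. If `$parameters` is later handed to `PDOStatement::execute()`, note that every array value is bound as `PDO::PARAM_STR` regardless of its PHP type, so for the cross-driver concern described in the commit message, binding `:limit` and `:offset` explicitly with `bindValue(..., PDO::PARAM_INT)` is the more robust fix than the cast alone.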