Security enhancement for the content manager.

This commit is contained in:
Mark Crane
2013-09-27 03:24:09 +00:00
parent 8d52323c98
commit 6aafca34f0


@@ -89,18 +89,20 @@ require_once "resources/require.php";
//get the content
if (file_exists($_SERVER['DOCUMENT_ROOT'].PROJECT_PATH."/app/content/app_config.php")) {
$sql = "select * from v_rss ";
$sql .= "where domain_uuid = '".$_SESSION['domain_uuid']."' ";
$sql .= "where domain_uuid =:domain_uuid ";
$sql .= "and rss_category = 'content' ";
if (strlen($content) == 0) {
$sql .= "and rss_link = '".$_SERVER["PHP_SELF"]."' ";
}
else {
$sql .= "and rss_link = '".$content."' ";
}
$sql .= "and rss_link =:content ";
$sql .= "and (length(rss_del_date) = 0 ";
$sql .= "or rss_del_date is null) ";
$sql .= "order by rss_order asc ";
$content_prep_statement = $db->prepare(check_sql($sql));
$content_prep_statement->bindParam(':domain_uuid', $_SESSION['domain_uuid']);
if (strlen($content) == 0) {
$content_prep_statement->bindParam(':content', $_SERVER["PHP_SELF"]);
}
else {
$content_prep_statement->bindParam(':content', $content);
}
$content_prep_statement->execute();
$result = $content_prep_statement->fetchAll(PDO::FETCH_NAMED);
$page["title"] = '';
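Review bot: The two bindParam branches after prepare() repeat the `strlen($content) == 0` test that already selects the link value, so the choice is made twice in the hunk; computing it once, `$rss_link = (strlen($content) == 0) ? $_SERVER['PHP_SELF'] : $content;`, and binding it with a single `$content_prep_statement->bindValue(':content', $rss_link);` drops the duplicated branch, and `bindValue(':domain_uuid', $_SESSION['domain_uuid'])` fits the same way since nothing visible mutates the session value before execute(). bindParam binds by reference, which here only matters if the bound variables change before execute(), so the replacement preserves behaviour. The return values of prepare() and execute() are not checked; unless `$db` is configured with `PDO::ERRMODE_EXCEPTION` (not visible in this hunk), a failed prepare() returns false and the following bindParam() call fails as a method call on a non-object. The `if (file_exists(...))` block that starts at the top of the hunk closes outside it, and where `$content` is assigned is not shown.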