ThaMunsta/itflow
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove SQL-injection vulnerable code in this file that was previously fixed in inc_all_client.php

Browse Source
This commit is contained in:
Marcus Hill
2023-05-20 15:33:46 +01:00
parent c403380562
commit cea954008f
1 changed files with 5 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
client_document_templates.php
View File

@@ -1,14 +1,11 @@
<?php <?php
// Default Column Sort by Filter
$sb = "document_name";
$o = "ASC";
require_once("inc_all_client.php"); require_once("inc_all_client.php");
// Sort by
if (!empty($_GET['sb'])) {
$sb = sanitizeInput($_GET['sb']);
} else {
$sb = "document_name";
}
// Search query SQL snippet // Search query SQL snippet
if (!empty($q)) { if (!empty($q)) {
$query_snippet = "AND (MATCH(document_content_raw) AGAINST ('$q') OR document_name LIKE '%$q%')"; $query_snippet = "AND (MATCH(document_content_raw) AGAINST ('$q') OR document_name LIKE '%$q%')";