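--- a/www/include/configuration/configObject/service_template_model/formServiceTemplateModel.php
+++ b/www/include/configuration/configObject/service_template_model/formServiceTemplateModel.php
@@ -186,7 +186,7 @@ function myDecodeSvTP($arg) {
 */
 $svc_tmplt_who_use_me = array();
 if (isset($_GET["service_id"]) && $_GET["service_id"]) {
-$DBRESULT = $pearDB->query("SELECT service_description, service_id FROM service WHERE service_template_model_stm_id = '".$_GET["service_id"]."'");
+$DBRESULT = $pearDB->query("SELECT service_description, service_id FROM service WHERE service_template_model_stm_id = '".$pearDB->escape($_GET["service_id"])."'");
 while ($service_tmpl_father = $DBRESULT->fetchRow()) {
 * Service Templates comes from DB -> Store in $svTpls Array
 */
-$svTpls = array(NULL=>NULL);
+$svTpls = array(NULL => NULL);
 $DBRESULT = $pearDB->query("SELECT service_id, service_description, service_template_model_stm_id FROM service WHERE service_register = '0' AND service_id != '".$service_id."' ORDER BY service_description");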
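Review bot: At line 189 the request value is still spliced into the SQL text, and since `service_id` is a numeric key a cast such as `(int) $_GET["service_id"]` or a bound parameter would be a stricter guard than `$pearDB->escape()` inside quotes, whose implementation is not visible on this page. The context line at 200 concatenates `$service_id` into its query in the same way; where that variable is assigned lies outside the shown lines, so it should be confirmed that it is validated or cast before this point. The enclosing `if` block and the second hunk both continue past what the page shows.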
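--- a/www/include/views/graphs/common/makeXML_ListMetrics.php
+++ b/www/include/views/graphs/common/makeXML_ListMetrics.php
@@ -90,7 +90,7 @@ function compare($a, $b) {
 $where = " AND def_type='".$_GET["vdef"]."'";
 
 if (isset($_GET["index_id"]) && $_GET["index_id"] != 0) {
-$pq_sql = $pearDBO->query("SELECT metric_id, metric_name FROM metrics as ms, index_data as ixd WHERE ms.index_id = ixd.id and ms.index_id='".$_GET["index_id"]."';");
+$pq_sql = $pearDBO->query("SELECT metric_id, metric_name FROM metrics as ms, index_data as ixd WHERE ms.index_id = ixd.id and ms.index_id='".$pearDB->escape($_GET["index_id"])."';");
-$pq_sql = $pearDB->query("SELECT vmetric_id, vmetric_name, def_type FROM virtual_metrics WHERE index_id='".$_GET["index_id"]."'".$where.";");
+$pq_sql = $pearDB->query("SELECT vmetric_id, vmetric_name, def_type FROM virtual_metrics WHERE index_id='".$pearDB->escape($_GET["index_id"])."'".$where.";");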
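Review bot: The context line at 90 still builds `$where` from `$_GET["vdef"]` without escaping, and the patched query at line 102 appends `$where`, so that statement remains injectable through `vdef` even after this change. It needs the same treatment, for example `$where = " AND def_type='".$pearDB->escape($_GET["vdef"])."'";`, or preferably a check of `vdef` against the small set of values `def_type` can take. At line 93 the query runs on `$pearDBO` while the value is escaped with `$pearDB->escape()`; escaping should use the connection that executes the statement, `$pearDBO->escape($_GET["index_id"])`, assuming that object exposes the same method. The lines between 93 and 102 are not shown on the page and the enclosing `if` continues outside the hunk.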