From 005218fa58ef333674e05f04e02c87954c57f04b Mon Sep 17 00:00:00 2001
From: Peter Rotich <peter@osticket.com>
Date: Fri, 20 Jul 2012 13:28:01 -0400
Subject: [PATCH] Sanitize input with new and improved 'db_input'
---
 scp/apikeys.php | 4 ++--
 scp/banlist.php | 4 ++--
 scp/canned.php | 4 ++--
 scp/categories.php | 4 ++--
 scp/departments.php | 6 +++---
 scp/emails.php | 4 ++--
 scp/filters.php | 4 ++--
 scp/groups.php | 4 ++--
 scp/helptopics.php | 4 ++--
 scp/logs.php | 2 +-
 scp/slas.php | 4 ++--
 scp/staff.php | 2 +-
 scp/teams.php | 4 ++--
 scp/templates.php | 2 +-
 14 files changed, 26 insertions(+), 26 deletions(-)
diff --git a/scp/apikeys.php b/scp/apikeys.php
index f9293f605..e393a31c5 100644
--- a/scp/apikeys.php
+++ b/scp/apikeys.php
@@ -46,7 +46,7 @@ if($_POST){
 $count=count($_POST['ids']);
 if($_POST['enable']){
 $sql='UPDATE '.API_KEY_TABLE.' SET isactive=1 WHERE id IN ('.
- implode(',', array_map('db_input', $_POST['ids'])).')';
+ implode(',', db_input($_POST['ids'])).')';
 if(db_query($sql) && ($num=db_affected_rows())){
 if($num==$count)
 $msg='Selected API keys enabled';
@@ -57,7 +57,7 @@ if($_POST){
 }
 }elseif($_POST['disable']){
 $sql='UPDATE '.API_KEY_TABLE.' SET isactive=0 WHERE id IN ('.
- implode(',', array_map('db_input', $_POST['ids'])).')';
+ implode(',', db_input($_POST['ids'])).')';
 if(db_query($sql) && ($num=db_affected_rows())) {
 if($num==$count)
 $msg='Selected API keys disabled';
diff --git a/scp/banlist.php b/scp/banlist.php
index faa709fd3..081fde9b4 100644
--- a/scp/banlist.php
+++ b/scp/banlist.php
@@ -71,7 +71,7 @@ if($_POST && !$errors && $filter){
 $sql='UPDATE '.EMAIL_FILTER_RULE_TABLE.' SET isactive=1 WHERE filter_id='.
 db_input($filter->getId()).
 ' AND id IN ('.
- implode(',', array_map('db_input', $_POST['ids'])).')';
+ implode(',', db_input($_POST['ids'])).')';
 if(db_query($sql) && ($num=db_affected_rows())){
 if($num==$count)
 $msg='Selected emails ban status set to enabled';
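Review bot: Each rewritten line, starting with `implode(',', db_input($_POST['ids']))` in the `enable` branch of scp/apikeys.php, is safe only if `db_input()` returns a flat array of individually escaped and quoted values when it is handed an array, and that function is not part of this patch. Its handling of a scalar `ids` value and of nested elements should be confirmed, since `implode()` needs a flat array here. Because these columns look like numeric keys, the list could also be constrained by type before it reaches SQL, for example `$ids=array_filter((array)$_POST['ids'], 'ctype_digit');` with an error when `$ids` is empty, so the query does not depend on quoting alone. The same line recurs in every other hunk of this patch (banlist, canned, categories, departments, emails, filters, groups, helptopics, logs, slas, staff, teams, templates), and the enclosing `if($_POST)` blocks begin and end outside the hunks, so an existing `is_array` check would not be visible here.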
@@ -84,7 +84,7 @@ if($_POST && !$errors && $filter){
 $sql='UPDATE '.EMAIL_FILTER_RULE_TABLE.' SET isactive=0 WHERE filter_id='.
 db_input($filter->getId()).
 ' AND id IN ('.
- implode(',', array_map('db_input', $_POST['ids'])).')';
+ implode(',', db_input($_POST['ids'])).')';
 if(db_query($sql) && ($num=db_affected_rows())) {
 if($num==$count)
 $msg='Selected emails ban status set to disabled';
diff --git a/scp/canned.php b/scp/canned.php
index fa208a273..2a2252233 100644
--- a/scp/canned.php
+++ b/scp/canned.php
@@ -72,7 +72,7 @@ if($_POST && $thisstaff->canManageCannedResponses()) {
 $count=count($_POST['ids']);
 if($_POST['enable']) {
 $sql='UPDATE '.CANNED_TABLE.' SET isenabled=1 WHERE canned_id IN ('.
- implode(',', array_map('db_input', $_POST['ids'])).')';
+ implode(',', db_input($_POST['ids'])).')';
 if(db_query($sql) && ($num=db_affected_rows())) {
 if($num==$count)
 $msg='Selected canned replies enabled';
@@ -83,7 +83,7 @@ if($_POST && $thisstaff->canManageCannedResponses()) {
 }
 } elseif($_POST['disable']) {
 $sql='UPDATE '.CANNED_TABLE.' SET isenabled=0 WHERE canned_id IN ('.
- implode(',', array_map('db_input', $_POST['ids'])).')';
+ implode(',', db_input($_POST['ids'])).')';
 if(db_query($sql) && ($num=db_affected_rows())) {
 if($num==$count)
 $msg='Selected canned replies disabled';
diff --git a/scp/categories.php b/scp/categories.php
index ed98da897..6b645fc84 100644
--- a/scp/categories.php
+++ b/scp/categories.php
@@ -53,7 +53,7 @@ if($_POST){
 $count=count($_POST['ids']);
 if($_POST['public']) {
 $sql='UPDATE '.FAQ_CATEGORY_TABLE.' SET ispublic=1 WHERE category_id IN ('.
- implode(',', array_map('db_input', $_POST['ids'])).')';
+ implode(',', db_input($_POST['ids'])).')';
 if(db_query($sql) && ($num=db_affected_rows())) {
 if($num==$count)
 $msg='Selected categories made PUBLIC';
@@ -64,7 +64,7 @@ if($_POST){
 }
 } elseif($_POST['private']) {
 $sql='UPDATE '.FAQ_CATEGORY_TABLE.' SET ispublic=0 WHERE category_id IN ('.
- implode(',', array_map('db_input', $_POST['ids'])).')';
+ implode(',', db_input($_POST['ids'])).')';
 if(db_query($sql) && ($num=db_affected_rows())) {
 if($num==$count)
 $msg='Selected categories made PRIVATE';
diff --git a/scp/departments.php b/scp/departments.php
index ae03b6385..ef1acb12d 100644
--- a/scp/departments.php
+++ b/scp/departments.php
@@ -46,7 +46,7 @@ if($_POST){
 $count=count($_POST['ids']);
 if($_POST['public']){
 $sql='UPDATE '.DEPT_TABLE.' SET ispublic=1 WHERE dept_id IN ('
- .implode(',', array_map('db_input', $_POST['ids'])).')';
+ .implode(',', db_input($_POST['ids'])).')';
 if(db_query($sql) && ($num=db_affected_rows())){
 if($num==$count)
 $msg='Selected departments made public';
@@ -58,7 +58,7 @@ if($_POST){
 }elseif($_POST['private']){
 $sql='UPDATE '.DEPT_TABLE.' SET ispublic=0 '.
 'WHERE dept_id IN ('
- .implode(',', array_map('db_input', $_POST['ids']))
+ .implode(',', db_input($_POST['ids']))
 .') AND dept_id!='.db_input($cfg->getDefaultDeptId());
 if(db_query($sql) && ($num=db_affected_rows())) {
 if($num==$count)
@@ -72,7 +72,7 @@ if($_POST){
 }elseif($_POST['delete']){
 //Deny all deletes if one of the selections has members in it.
 $sql='SELECT count(staff_id) FROM '.STAFF_TABLE.' WHERE dept_id IN ('
- .implode(',', array_map('db_input', $_POST['ids'])).')';
+ .implode(',', db_input($_POST['ids'])).')';
 list($members)=db_fetch_row(db_query($sql));
 if($members)
 $errors['err']='Dept. with users can not be deleted. Move staff first.';
diff --git a/scp/emails.php b/scp/emails.php
index fa8a150d7..b0d32bb59 100644
--- a/scp/emails.php
+++ b/scp/emails.php
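Review bot: The membership check in the `delete` branch of scp/departments.php fails open: `list($members)=db_fetch_row(db_query($sql));` does not distinguish a failed query from a count of zero, so if the `IN (...)` list built by `db_input($_POST['ids'])` comes out empty or malformed, `$members` is presumably empty and the "Dept. with users can not be deleted" guard is skipped. Test the query result before reading it, e.g. `if(!($res=db_query($sql))) $errors['err']='Unable to verify department members';` and only then `list($members)=db_fetch_row($res);`. The scp/emails.php hunk has the same shape with `$depts`. What runs after the guard is outside the hunk.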
@@ -47,9 +47,9 @@ if($_POST){
 $sql='SELECT count(dept_id) FROM '.DEPT_TABLE.' dept '.
 'WHERE email_id IN ('.
- implode(',', array_map('db_input', $_POST['ids'])).
+ implode(',', db_input($_POST['ids'])).
 ') OR autoresp_email_id IN ('.
- implode(',', array_map('db_input', $_POST['ids'])).')';
+ implode(',', db_input($_POST['ids'])).')';
 list($depts)=db_fetch_row(db_query($sql));
 if($depts>0){
 $errors['err']='One or more of the selected emails is being used by a department. Remove association first!';
diff --git a/scp/filters.php b/scp/filters.php
index ce61a7ea9..4ce0f3076 100644
--- a/scp/filters.php
+++ b/scp/filters.php
@@ -50,7 +50,7 @@ if($_POST){
 $count=count($_POST['ids']);
 if($_POST['enable']){
 $sql='UPDATE '.EMAIL_FILTER_TABLE.' SET isactive=1 WHERE id IN ('.
- implode(',', array_map('db_input', $_POST['ids'])).')';
+ implode(',', db_input($_POST['ids'])).')';
 if(db_query($sql) && ($num=db_affected_rows())){
 if($num==$count)
 $msg='Selected filters enabled';
@@ -61,7 +61,7 @@ if($_POST){
 }
 }elseif($_POST['disable']){
 $sql='UPDATE '.EMAIL_FILTER_TABLE.' SET isactive=0 WHERE id IN ('.
- implode(',', array_map('db_input', $_POST['ids'])).')';
+ implode(',', db_input($_POST['ids'])).')';
 if(db_query($sql) && ($num=db_affected_rows())) {
 if($num==$count)
 $msg='Selected filters disabled';
diff --git a/scp/groups.php b/scp/groups.php
index aa2ee2d11..22b1bae0a 100644
--- a/scp/groups.php
+++ b/scp/groups.php
@@ -44,7 +44,7 @@ if($_POST){
 $count=count($_POST['ids']);
 if($_POST['enable']){
 $sql='UPDATE '.GROUP_TABLE.' SET group_enabled=1, updated=NOW() WHERE group_id IN ('.
- implode(',', array_map('db_input', $_POST['ids'])).')';
+ implode(',', db_input($_POST['ids'])).')';
 if(db_query($sql) && ($num=db_affected_rows())){
 if($num==$count)
 $msg='Selected groups activated';
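Review bot: The statement in scp/emails.php now calls `implode(',', db_input($_POST['ids']))` twice to build the same list for `email_id IN (...)` and `autoresp_email_id IN (...)`. Building it once, `$ids=implode(',', db_input($_POST['ids']));`, and concatenating `$ids` in both places keeps the two clauses identical by construction and makes any later change to the sanitising step a one-line edit. The enclosing block starts and ends outside the hunk.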
@@ -55,7 +55,7 @@ if($_POST){
 }
 }elseif($_POST['disable']){
 $sql='UPDATE '.GROUP_TABLE.' SET group_enabled=0, updated=NOW() WHERE group_id IN ('.
- implode(',', array_map('db_input', $_POST['ids'])).')';
+ implode(',', db_input($_POST['ids'])).')';
 if(db_query($sql) && ($num=db_affected_rows())) {
 if($num==$count)
 $msg='Selected groups disabled';
diff --git a/scp/helptopics.php b/scp/helptopics.php
index 45a288f41..5bd1ded70 100644
--- a/scp/helptopics.php
+++ b/scp/helptopics.php
@@ -46,7 +46,7 @@ if($_POST){
 $count=count($_POST['ids']);
 if($_POST['enable']){
 $sql='UPDATE '.TOPIC_TABLE.' SET isactive=1 WHERE topic_id IN ('.
- implode(',', array_map('db_input', $_POST['ids'])).')';
+ implode(',', db_input($_POST['ids'])).')';
 if(db_query($sql) && ($num=db_affected_rows())){
 if($num==$count)
 $msg='Selected help topics enabled';
@@ -57,7 +57,7 @@ if($_POST){
 }
 }elseif($_POST['disable']){
 $sql='UPDATE '.TOPIC_TABLE.' SET isactive=0 WHERE topic_id IN ('.
- implode(',', array_map('db_input', $_POST['ids'])).')';
+ implode(',', db_input($_POST['ids'])).')';
 if(db_query($sql) && ($num=db_affected_rows())) {
 if($num==$count)
 $msg='Selected help topics disabled';
diff --git a/scp/logs.php b/scp/logs.php
index b34126f5d..e29ef3702 100644
--- a/scp/logs.php
+++ b/scp/logs.php
@@ -24,7 +24,7 @@ if($_POST){
 $count=count($_POST['ids']);
 if($_POST['delete']){
 $sql='DELETE FROM '.SYSLOG_TABLE.' WHERE log_id IN ('
- .implode(',', array_map('db_input', $_POST['ids'])).')';
+ .implode(',', db_input($_POST['ids'])).')';
 if(db_query($sql) && ($num=db_affected_rows())){
 if($num==$count)
 $msg='Selected logs deleted successfully';
diff --git a/scp/slas.php b/scp/slas.php
index 8c7c1b4af..8f3b0f75c 100644
--- a/scp/slas.php
+++ b/scp/slas.php
@@ -46,7 +46,7 @@ if($_POST){
 $count=count($_POST['ids']);
 if($_POST['enable']){
 $sql='UPDATE '.SLA_TABLE.' SET isactive=1 WHERE id IN ('.
- implode(',', array_map('db_input', $_POST['ids'])).')';
+ implode(',', db_input($_POST['ids'])).')';
 if(db_query($sql) && ($num=db_affected_rows())){
 if($num==$count)
 $msg='Selected SLA plans enabled';
@@ -57,7 +57,7 @@ if($_POST){
 }
 }elseif($_POST['disable']){
 $sql='UPDATE '.SLA_TABLE.' SET isactive=0 WHERE id IN ('.
- implode(',', array_map('db_input', $_POST['ids'])).')';
+ implode(',', db_input($_POST['ids'])).')';
 if(db_query($sql) && ($num=db_affected_rows())) {
 if($num==$count)
 $msg='Selected SLA plans disabled';
diff --git a/scp/staff.php b/scp/staff.php
index eacafb317..88c8949f9 100644
--- a/scp/staff.php
+++ b/scp/staff.php
@@ -46,7 +46,7 @@ if($_POST){
 $count=count($_POST['ids']);
 if($_POST['enable']){
 $sql='UPDATE '.STAFF_TABLE.' SET isactive=1 WHERE staff_id IN ('.
- implode(',', array_map('db_input', $_POST['ids'])).')';
+ implode(',', db_input($_POST['ids'])).')';
 if(db_query($sql) && ($num=db_affected_rows())){
 if($num==$count)
 $msg='Selected staff activated';
diff --git a/scp/teams.php b/scp/teams.php
index 2fcbb1b1e..50d7ca1ca 100644
--- a/scp/teams.php
+++ b/scp/teams.php
@@ -44,7 +44,7 @@ if($_POST){
 $count=count($_POST['ids']);
 if($_POST['enable']){
 $sql='UPDATE '.TEAM_TABLE.' SET isenabled=1 WHERE team_id IN ('.
- implode(',', array_map('db_input', $_POST['ids'])).')';
+ implode(',', db_input($_POST['ids'])).')';
 if(db_query($sql) && ($num=db_affected_rows())){
 if($num==$count)
 $msg='Selected teams activated';
@@ -55,7 +55,7 @@ if($_POST){
 }
 }elseif($_POST['disable']){
 $sql='UPDATE '.TEAM_TABLE.' SET isenabled=0 WHERE team_id IN ('.
- implode(',', array_map('db_input', $_POST['ids'])).')';
+ implode(',', db_input($_POST['ids'])).')';
 if(db_query($sql) && ($num=db_affected_rows())) {
 if($num==$count)
 $msg='Selected teams disabled';
diff --git a/scp/templates.php b/scp/templates.php
index b87713662..4ba95d70a 100644
--- a/scp/templates.php
+++ b/scp/templates.php
@@ -55,7 +55,7 @@ if($_POST){
 $count=count($_POST['ids']);
 if($_POST['enable']){
 $sql='UPDATE '.EMAIL_TEMPLATE_TABLE.' SET isactive=1 WHERE tpl_id IN ('.
- implode(',', array_map('db_input', $_POST['ids'])).')';
+ implode(',', db_input($_POST['ids'])).')';
 if(db_query($sql) && ($num=db_affected_rows())){
 if($num==$count)
 $msg='Selected templates enabled';
-- 
GitLab