diff --git a/include/ajax.tickets.php b/include/ajax.tickets.php
index be878efbe888278c0831e9badb87f197090084b1..de6610dd6b0c1a27a5d032f4aca6582078f200c1 100644
--- a/include/ajax.tickets.php
+++ b/include/ajax.tickets.php
@@ -37,10 +37,10 @@ class TicketsAjaxAPI extends AjaxController {
         $sql.=' AND ( staff_id='.db_input($thisstaff->getId());
         if(($teams=$thisstaff->getTeams()) && count(array_filter($teams)))
-            $sql.=' OR team_id IN('.implode(',', array_filter($teams)).')';
+            $sql.=' OR team_id IN('.implode(',', db_input(array_filter($teams))).')';
         if(!$thisstaff->showAssignedOnly() && ($depts=$thisstaff->getDepts()))
-            $sql.=' OR dept_id IN ('.implode(',', $depts).')';
+            $sql.=' OR dept_id IN ('.implode(',', db_input($depts)).')';
         $sql.=' ) '
             .' ORDER BY created LIMIT '.$limit;
@@ -67,10 +67,10 @@ class TicketsAjaxAPI extends AjaxController {
         $sql.=' AND ( staff_id='.db_input($thisstaff->getId());
         if(($teams=$thisstaff->getTeams()) && count(array_filter($teams)))
-            $sql.=' OR team_id IN('.implode(',', array_filter($teams)).')';
+            $sql.=' OR team_id IN('.implode(',', db_input(array_filter($teams))).')';
         if(!$thisstaff->showAssignedOnly() && ($depts=$thisstaff->getDepts()))
-            $sql.=' OR dept_id IN ('.implode(',', $depts).')';
+            $sql.=' OR dept_id IN ('.implode(',', db_input($depts)).')';
         $sql.=' ) '
             .' GROUP BY email '
@@ -96,10 +96,10 @@ class TicketsAjaxAPI extends AjaxController {
         $where.=' AND ( ticket.staff_id='.db_input($thisstaff->getId());
         if(($teams=$thisstaff->getTeams()) && count(array_filter($teams)))
-            $where.=' OR ticket.team_id IN('.implode(',', array_filter($teams)).')';
+            $where.=' OR ticket.team_id IN('.implode(',', db_input(array_filter($teams))).')';
         if(!$thisstaff->showAssignedOnly() && ($depts=$thisstaff->getDepts()))
-            $where.=' OR ticket.dept_id IN ('.implode(',', $depts).')';
+            $where.=' OR ticket.dept_id IN ('.implode(',', db_input($depts)).')';
         $where.=' ) ';
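Review bot: The rewritten IN() lists now depend on `db_input()` accepting an array and returning one escaped element per id, and nothing in the hunk shows that branch of the helper; if it only handles scalars, `implode()` receives a string and the query breaks instead of being escaped. Worth confirming once and recording it at the first call site, e.g. `// db_input() escapes each element when given an array`, because the same pattern appears in the other two hunks of this file and in class.faq.php, class.staff.php, class.team.php, class.ticket.php, tickets.inc.php and scp/staff.php. Team and department ids are integer keys, so `implode(',', array_map('intval', array_filter($teams)))` would keep the list well-formed regardless of how the helper quotes values. The enclosing method starts and ends outside the hunk.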
diff --git a/include/class.faq.php b/include/class.faq.php
index 2197bbac102604d334d2f59b71d7658a3b18b39b..61901f3e973a5b718faa44c57a2df76613a89341 100644
--- a/include/class.faq.php
+++ b/include/class.faq.php
@@ -146,7 +146,7 @@ class FAQ {
         $sql='DELETE FROM '.FAQ_TOPIC_TABLE.' WHERE faq_id='.db_input($this->getId());
         if($ids)
-            $sql.=' AND topic_id NOT IN('.implode(',',$ids).')';
+            $sql.=' AND topic_id NOT IN('.implode(',', db_input($ids)).')';
         db_query($sql);
diff --git a/include/class.staff.php b/include/class.staff.php
index 102e79ecda4ae642dc7a777f75143b3148078a22..edac10a088a10c19db71e3d19d4137dd122b7417 100644
--- a/include/class.staff.php
+++ b/include/class.staff.php
@@ -484,9 +484,10 @@ class Staff {
                 db_query($sql);
             }
         }
+
         $sql='DELETE FROM '.TEAM_MEMBER_TABLE.' WHERE staff_id='.db_input($this->getId());
         if($teams)
-            $sql.=' AND team_id NOT IN('.implode(',', $teams).')';
+            $sql.=' AND team_id NOT IN('.implode(',', db_input($teams)).')';
         db_query($sql);
@@ -494,6 +495,7 @@ class Staff {
     }
     function update($vars, &$errors) {
+
         if(!$this->save($this->getId(), $vars, $errors))
             return false;
diff --git a/include/class.team.php b/include/class.team.php
index 367815b9637d7ab24d9e295379d11a1f6601df74..72c3c4483d43480c4b7c880fe1194f96c630ec24 100644
--- a/include/class.team.php
+++ b/include/class.team.php
@@ -138,7 +138,7 @@ class Team {
             $sql='DELETE FROM '.TEAM_MEMBER_TABLE
                 .' WHERE team_id='.db_input($this->getId())
                 .' AND staff_id IN ('
-                .implode(',', array_map('db_input', $_POST['remove']))
+                .implode(',', db_input($vars['remove']))
                 .')';
            db_query($sql);
        }
diff --git a/include/class.ticket.php b/include/class.ticket.php
index 5a3fd83f3883c432b17bf89d4ac08d6b4ee95de6..a4fd602e1847ac842e91528a385bc993cc0e1a71 100644
--- a/include/class.ticket.php
+++ b/include/class.ticket.php
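Review bot: The replaced line in class.team.php changes the data source from `$_POST['remove']` to `$vars['remove']` as well as the escaping, and the `if` that guards this block sits outside the hunk; if that guard still tests `$_POST['remove']`, the condition and the list it builds can disagree, and an absent or scalar `$vars['remove']` would hand `implode()` something other than an array. Suggest aligning the guard with the new source, e.g. `if($vars['remove'] && is_array($vars['remove'])) {`, and saying in the commit message why the source moved. The enclosing method starts outside the hunk.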
@@ -1970,10 +1970,10 @@ class Ticket {
             .' WHERE (ticket.staff_id='.db_input($staff->getId());
         if(($teams=$staff->getTeams()))
-            $sql.=' OR ticket.team_id IN('.implode(',', array_filter($teams)).')';
+            $sql.=' OR ticket.team_id IN('.implode(',', db_input(array_filter($teams))).')';
         if(!$staff->showAssignedOnly() && ($depts=$staff->getDepts())) //Staff with limited access just see Assigned tickets.
-            $sql.=' OR ticket.dept_id IN('.implode(',', $depts).') ';
+            $sql.=' OR ticket.dept_id IN('.implode(',', db_input($depts)).') ';
         $sql.=')';
diff --git a/include/staff/directory.inc.php b/include/staff/directory.inc.php
index c9d11a3d4bf1d8921b3261fc80d3e9a6a73616ae..22c19bdd921103bf10b948c4a339c9c678c10099 100644
--- a/include/staff/directory.inc.php
+++ b/include/staff/directory.inc.php
@@ -63,7 +63,7 @@ $query="$select $from $where GROUP BY staff.staff_id ORDER BY $order_by LIMIT ".
 <h2>Staff Members</h2>
 <div style="width:700; float:left;">
     <form action="directory.php" method="GET" name="filter">
-        <input type="text" name="q" value="<?php echo $_REQUEST['q']; ?>" >
+        <input type="text" name="q" value="<?php echo Format::htmlchars($_REQUEST['q']); ?>" >
         <select name="did" id="did">
             <option value="0">— All Department —</option>
             <?php
diff --git a/include/staff/tickets.inc.php b/include/staff/tickets.inc.php
index d6fab690cdcd76cc9a8c7dd9e590a6c60231a6b4..a8db757b1e8517cb8090a74e568ca2d00e5249ef 100644
--- a/include/staff/tickets.inc.php
+++ b/include/staff/tickets.inc.php
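Review bot: The team branch in class.ticket.php is guarded only by `if(($teams=$staff->getTeams()))`, unlike the sibling sites in ajax.tickets.php and tickets.inc.php that also require `count(array_filter($teams))`; when every entry of `$teams` is dropped by `array_filter`, the new line emits `ticket.team_id IN()`, which is invalid SQL and fails the whole query instead of narrowing it. Suggest `if(($teams=$staff->getTeams()) && count(array_filter($teams)))` to match the other call sites. The enclosing method starts and ends outside the hunk.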
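Review bot: In directory.inc.php the escaped value lands inside a double-quoted attribute, so the fix holds only if `Format::htmlchars()` encodes double quotes as well as angle brackets; that is not visible here and is worth confirming once, since the same helper protects the hidden `status` field in tickets.inc.php. The read of `$_REQUEST['q']` still raises an undefined-index notice when the form is first shown without a query; passing `isset($_REQUEST['q'])?$_REQUEST['q']:''` instead avoids that.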
@@ -65,15 +65,15 @@ $qwhere =' WHERE ( '
             .' ticket.staff_id='.db_input($thisstaff->getId());
 if(!$thisstaff->showAssignedOnly())
-    $qwhere.=' OR ticket.dept_id IN ('.($depts?implode(',',$depts):0).')';
+    $qwhere.=' OR ticket.dept_id IN ('.($depts?implode(',', db_input($depts)):0).')';
 if(($teams=$thisstaff->getTeams()) && count(array_filter($teams)))
-    $qwhere.=' OR ticket.team_id IN('.implode(',',array_filter($teams)).') ';
+    $qwhere.=' OR ticket.team_id IN('.implode(',', db_input(array_filter($teams))).') ';
 $qwhere .= ' )';
 //STATUS
-if($status){
+if($status) {
     $qwhere.=' AND status='.db_input(strtolower($status));
 }
@@ -307,7 +307,7 @@ $negorder=$order=='DESC'?'ASC':'DESC'; //Negate the sorting..
     <a class="refresh" href="<?php echo $_SERVER['REQUEST_URI']; ?>">Refresh</a>
     <input type="hidden" name="a" value="mass_process" >
     <input type="hidden" name="do" id="action" value="" >
-    <input type="hidden" name="status" value="<?php echo $_REQUEST['status']; ?>" >
+    <input type="hidden" name="status" value="<?php echo Format::htmlchars($_REQUEST['status']); ?>" >
     <table class="list" border="0" cellspacing="1" cellpadding="2" width="940">
     <caption><?php echo $showing; ?> <?php echo $results_type; ?></caption>
     <thead>
diff --git a/scp/staff.php b/scp/staff.php
index 65f80dcc8056661de55b7f09d7ff2ea99b254eba..904708dea49b3b4a21c987e9992fe5c5bfd45958 100644
--- a/scp/staff.php
+++ b/scp/staff.php
@@ -60,7 +60,7 @@ if($_POST){
             break;
         case 'disable':
             $sql='UPDATE '.STAFF_TABLE.' SET isactive=0 '
-                .' WHERE staff_id IN ('.implode(',',$_POST['ids']).') AND staff_id!='.db_input($thisstaff->getId());
+                .' WHERE staff_id IN ('.implode(',', db_input($_POST['ids'])).') AND staff_id!='.db_input($thisstaff->getId());
             if(db_query($sql) && ($num=db_affected_rows())) {
                 if($num==$count)
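Review bot: In the second tickets.inc.php hunk, the Refresh link three lines above the changed one still echoes `$_SERVER['REQUEST_URI']` unencoded into an href, which is request-controlled output of exactly the kind the new line fixes for the hidden status field. Suggest `<a class="refresh" href="<?php echo Format::htmlchars($_SERVER['REQUEST_URI']); ?>">Refresh</a>` so both outputs in this form are encoded the same way.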
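Review bot: In scp/staff.php, `$_POST['ids']` is handed to `db_input()` and `implode()` without checking that it is a non-empty array; a missing or scalar `ids` gives `implode()` a non-array, and an empty one yields `staff_id IN ()`, so the UPDATE fails with an error rather than doing nothing. The `case` also compares against `$count` on its last line, which is computed outside the hunk, presumably from the same array. Since `staff_id` is an integer key, guarding with `if(is_array($_POST['ids']) && count($_POST['ids']))` and building the list from `array_map('intval', $_POST['ids'])` keeps the statement well-formed independently of how `db_input()` quotes values.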