more removal of escaping

pull/367/head
Isaac Connor 2013-12-17 14:38:08 -05:00
parent 9f5b8bb03b
commit 003b8c9868
1 changed files with 14 additions and 15 deletions


@ -246,12 +246,16 @@ function collectData()
{
$index = 0;
$where = array();
$values = array();
foreach( $entitySpec['selector'] as $selector )
{
if ( is_array( $selector ) )
$where[] = $selector['selector']." = ".dbEscape($id[$index]);
else
$where[] = $selector." = ".dbEscape($id[$index]);
if ( is_array( $selector ) ) {
$where[] = $selector['selector'].' = ?';
$values[] = $id[$index];
} else {
$where[] = $selector.' = ?';
$values[] = $id[$index];
}
$index++;
}
$sql .= " where ".join( " and ", $where );
@ -259,27 +263,22 @@ function collectData()
if ( $groupSql )
$sql .= " group by ".join( ",", array_unique( $groupSql ) );
if ( !empty($_REQUEST['sort']) )
$sql .= " order by ".dbEscape($_REQUEST['sort']);
$sql .= " order by ".$_REQUEST['sort'];
if ( !empty($entitySpec['limit']) )
$limit = $entitySpec['limit'];
elseif ( !empty($_REQUEST['count']) )
$limit = dbEscape($_REQUEST['count']);
$limit = $_REQUEST['count'];
if ( !empty( $limit ) )
$sql .= " limit ".$limit;
if ( isset($limit) && $limit == 1 )
{
if ( $sqlData = dbFetchOne( $sql ) )
{
if ( isset($limit) && $limit == 1 ) {
if ( $sqlData = dbFetchOne( $sql, NULL, $values ) ) {
foreach ( $postFuncs as $element=>$func )
$sqlData[$element] = eval( 'return( '.$func.'( $sqlData ) );' );
$data = array_merge( $data, $sqlData );
}
}
else
{
} else {
$count = 0;
foreach( dbFetchAll( $sql ) as $sqlData )
{
foreach( dbFetchAll( $sql, NULL, $values ) as $sqlData ) {
foreach ( $postFuncs as $element=>$func )
$sqlData[$element] = eval( 'return( '.$func.'( $sqlData ) );' );
$data[] = $sqlData;
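Review bot: In the second hunk `$_REQUEST['sort']` and `$_REQUEST['count']` are concatenated straight into the ORDER BY and LIMIT clauses, with no validation visible in the hunk, so this query stays open to SQL injection even though the WHERE values in the first hunk moved to `?` placeholders. A placeholder cannot stand in for a column name, so the sort key should be checked against an allow-list of the columns this entity may be ordered by (that list is not visible here) and rejected otherwise. The count should be forced to an integer before use, e.g. `$limit = (int)$_REQUEST['count'];`. The removed `dbEscape()` calls were weak protection in an unquoted context, but dropping them without a replacement leaves these two request parameters unchecked. collectData() begins and ends outside the hunks shown, so an earlier check elsewhere in the function cannot be ruled out.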