Fix sql query when user is limited to specific monitors

pull/728/head
Isaac Connor 2015-02-23 14:10:18 -05:00
parent 851a246cf2
commit bd3a9806b8
1 changed files with 8 additions and 6 deletions


@ -27,13 +27,15 @@ if ( !canView( 'Events' ) )
$eid = validInt( $_REQUEST['eid'] );
$fid = !empty($_REQUEST['fid'])?validInt($_REQUEST['fid']):1;
if ( $user['MonitorIds'] )
$midSql = " and MonitorId in (".join( ",", preg_split( '/["\'\s]*,["\'\s]*/', dbEscape($user['MonitorIds']) ) ).")";
else
$midSql = '';
$sql = 'SELECT E.*,M.Name AS MonitorName,M.Width,M.Height,M.DefaultRate,M.DefaultScale FROM Events AS E INNER JOIN Monitors AS M ON E.MonitorId = M.Id WHERE E.Id = ?';
$sql_values = array( $eid );
$sql = 'SELECT E.*,M.Name AS MonitorName,M.DefaultRate,M.DefaultScale FROM Events AS E INNER JOIN Monitors AS M ON E.MonitorId = M.Id WHERE E.Id = ?'.$midSql;
$event = dbFetchOne( $sql, NULL, array($eid) );
if ( $user['MonitorIds'] ) {
$monitor_ids = preg_split( '/,/', $user['MonitorIds'] );
$sql .= ' AND MonitorId IN (' .implode( ',', array_fill(0,count($monitor_ids),'?') ) . ')';
$sql_values = array_merge( $sql_values, $monitor_ids );
}
$event = dbFetchOne( $sql, NULL, $sql_values );
if ( isset( $_REQUEST['rate'] ) )
$rate = validInt($_REQUEST['rate']);
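Review bot: The new `preg_split( '/,/', $user['MonitorIds'] )` no longer strips the whitespace and quotes that the removed pattern tolerated. A stored value such as `1, '2'` (constructed example) would be bound with its quotes and padding intact, and that monitor would probably stop matching. This fails closed, but this clause is what enforces the per-user monitor restriction, so the ids are worth normalising explicitly. One option is to keep the tolerant split and pass each piece through `validInt`, as the hunk already does for `eid`: `$monitor_ids = array_map( 'validInt', preg_split( '/["\'\s]*,["\'\s]*/', $user['MonitorIds'], -1, PREG_SPLIT_NO_EMPTY ) );`. I would also write the column as `E.MonitorId` to match the aliases used in the rest of the query. The code that handles an empty `$event` is outside this hunk, so confirm it stops before rendering when the restriction excludes the event.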