Diffstat (limited to 'library/Pbs')
-rw-r--r-- | library/Pbs/Filter.php | 32 | ||||
-rw-r--r-- | library/Pbs/NewMember.php | 15 |
2 files changed, 24 insertions, 23 deletions
diff --git a/library/Pbs/Filter.php b/library/Pbs/Filter.php index 5231e59..cb6233a 100644 --- a/library/Pbs/Filter.php +++ b/library/Pbs/Filter.php @@ -75,8 +75,8 @@ class Pbs_Filter{ $ipAdress = str_replace(".","",$this->fillIP($ipAdress)); $stmt = $db->query("SELECT * FROM pbs_filterentries fe, pbs_filter f WHERE fe.filtertypeID = ".$filtertypID." AND - REPLACE(fe.filtervalue,'.','') <= '".$ipAdress."' AND - '".$ipAdress."' <= REPLACE(fe.filtervalue2,'.','') AND + REPLACE(fe.filtervalue,'.','') <= '".mysql_real_escape_string($ipAdress)."' AND + '".mysql_real_escape_string($ipAdress)."' <= REPLACE(fe.filtervalue2,'.','') AND fe.filterID = f.filterID AND f.groupID = '".$groupID."'"); @@ -102,8 +102,8 @@ class Pbs_Filter{ $macAdress = $this->fillMac($macAdress); $stmt = $db->query("SELECT * FROM pbs_filterentries fe, pbs_filter f WHERE fe.filtertypeID = ".$filtertypID." AND - fe.filtervalue <= '".$macAdress."' AND - '".$macAdress."' <= fe.filtervalue2 AND + fe.filtervalue <= '".mysql_real_escape_string($macAdress)."' AND + '".mysql_real_escape_string($macAdress)."' <= fe.filtervalue2 AND fe.filterID = f.filterID AND f.groupID = '".$groupID."'"); @@ -132,7 +132,7 @@ class Pbs_Filter{ try{ $stmt = $db->query("SELECT * FROM pbs_filterentries fe, pbs_filter f WHERE fe.filtertypeID = ".$filtertypID." AND - fe.filtervalue = ".$poolID." AND + fe.filtervalue = ".mysql_real_escape_string($poolID)." AND fe.filterID = f.filterID AND f.groupID = '".$groupID."'"); $result = $stmt->fetchAll(); @@ -157,7 +157,7 @@ class Pbs_Filter{ try{ $stmt = $db->query("SELECT * FROM pbs_filterentries fe, pbs_filter f WHERE fe.filtertypeID = ".$filtertypID." AND - fe.filtervalue = ".$clientID." AND + fe.filtervalue = ".mysql_real_escape_string($clientID)." AND fe.filterID = f.filterID AND f.groupID = '".$groupID."'"); 
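Review bot: `$groupID` and `$filtertypID` are still concatenated into the statement unescaped in the `@@ -75,8` hunk, and in every other hunk of Filter.php, so the query stays injectable through those two values if either can be influenced by a request. mysql_real_escape_string() also depends on an open ext/mysql link; the `$db->query()` / `fetchAll()` calls look like a Zend_Db or PDO-style adapter (inferred, not visible here), in which case the function may have no connection to use and can return false with a warning. Binding all four values as parameters removes both problems; the sketch below assumes `query()` accepts a bind array, which should be confirmed against the adapter in use. The enclosing method starts and ends outside the hunk.

```php
// … unchanged: $ipAdress normalisation via fillIP() and str_replace() …
$stmt = $db->query(
    "SELECT * FROM pbs_filterentries fe, pbs_filter f
     WHERE fe.filtertypeID = ? AND
           REPLACE(fe.filtervalue,'.','') <= ? AND
           ? <= REPLACE(fe.filtervalue2,'.','') AND
           fe.filterID = f.filterID AND
           f.groupID = ?",
    array($filtertypID, $ipAdress, $ipAdress, $groupID)
);
```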
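Review bot: In the `@@ -132,7` hunk the escaped `$poolID` sits in a numeric position with no surrounding quotes, and mysql_real_escape_string() only neutralises characters that would terminate a quoted string, so it adds no protection there. The same pattern appears in the hunks for `$clientID`, `$bootisoID`, `$membershipID`, `$membergroupID`, `$nowShort`, `$hardwarehash`, `$weekday` and `$date`. For values that are meant to be integers, cast instead, e.g. `fe.filtervalue = ".(int)$poolID." AND`; `$hardwarehash` is presumably not numeric and needs quoting or a bound parameter. The method body continues outside the hunk.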
@@ -180,7 +180,7 @@ class Pbs_Filter{ try{ $stmt = $db->query("SELECT * FROM pbs_filterentries fe, pbs_filter f WHERE fe.filtertypeID = ".$filtertypID." AND - fe.filtervalue = ".$bootisoID." AND + fe.filtervalue = ".mysql_real_escape_string($bootisoID)." AND fe.filterID = f.filterID AND f.groupID = '".$groupID."'"); $result = $stmt->fetchAll(); @@ -204,7 +204,7 @@ class Pbs_Filter{ try{ $stmt = $db->query("SELECT * FROM pbs_filterentries fe, pbs_filter f WHERE fe.filtertypeID = ".$filtertypID." AND - fe.filtervalue = ".$membershipID." AND + fe.filtervalue = ".mysql_real_escape_string($membershipID)." AND fe.filterID = f.filterID AND f.groupID = '".$groupID."'"); $result = $stmt->fetchAll(); @@ -231,7 +231,7 @@ class Pbs_Filter{ try{ $stmt = $db->query("SELECT * FROM pbs_filterentries fe, pbs_filter f WHERE fe.filtertypeID = ".$filtertypID." AND - fe.filtervalue = ".$membergroupID." AND + fe.filtervalue = ".mysql_real_escape_string($membergroupID)." AND fe.filterID = f.filterID AND f.groupID = '".$groupID."'"); $result = $stmt->fetchAll(); @@ -259,8 +259,8 @@ class Pbs_Filter{ $stmt = $db->query('SELECT * FROM pbs_filterentries fe, pbs_filter f WHERE fe.filtertypeID = '.$filtertypID.' AND - REPLACE(fe.filtervalue,":","") <= '.$nowShort.' AND - REPLACE(fe.filtervalue2,":","") >= '.$nowShort." AND + REPLACE(fe.filtervalue,":","") <= '.mysql_real_escape_string($nowShort).' AND + REPLACE(fe.filtervalue2,":","") >= '.mysql_real_escape_string($nowShort)." AND fe.filterID = f.filterID AND f.groupID = '".$groupID."'"); $result = $stmt->fetchAll(); @@ -286,7 +286,7 @@ class Pbs_Filter{ try{ $stmt = $db->query("SELECT * FROM pbs_filterentries fe, pbs_filter f WHERE fe.filtertypeID = ".$filtertypID." AND - fe.filtervalue = ".$hardwarehash." AND + fe.filtervalue = ".mysql_real_escape_string($hardwarehash)." AND fe.filterID = f.filterID AND f.groupID = '".$groupID."'"); $result = $stmt->fetchAll(); 
@@ -309,8 +309,8 @@ class Pbs_Filter{ try{ $stmt = $db->query("SELECT * FROM pbs_filterentries fe, pbs_filter f WHERE fe.filtertypeID = ".$filtertypID." AND - fe.filtervalue <= ".$weekday." AND - ".$weekday." <= fe.filtervalue2 AND + fe.filtervalue <= ".mysql_real_escape_string($weekday)." AND + ".mysql_real_escape_string($weekday)." <= fe.filtervalue2 AND fe.filterID = f.filterID AND f.groupID = '".$groupID."'"); $result = $stmt->fetchAll(); @@ -332,8 +332,8 @@ class Pbs_Filter{ try{ $stmt = $db->query("SELECT * FROM pbs_filterentries fe, pbs_filter f WHERE fe.filtertypeID = ".$filtertypID." AND - REPLACE(fe.filtervalue,'.','') <= ".$date." AND - ".$date." <= REPLACE(fe.filtervalue2,'.','') <= AND + REPLACE(fe.filtervalue,'.','') <= ".mysql_real_escape_string($date)." AND + ".mysql_real_escape_string($date)." <= REPLACE(fe.filtervalue2,'.','') <= AND fe.filterID = f.filterID AND f.groupID = '".$groupID."'"); $result = $stmt->fetchAll(); diff --git a/library/Pbs/NewMember.php b/library/Pbs/NewMember.php index 62069c2..9800d04 100644 --- a/library/Pbs/NewMember.php +++ b/library/Pbs/NewMember.php @@ -28,13 +28,14 @@ class Pbs_NewMember{ $userBootmenu->setID($userBootmenuID); # print_a('userbootmenu',$userBootmenu); - - $bootmenuentries = $bootmenuentriesMapper->findBy(array('bootmenuID'=>$defaultBootmenu->getID())); - foreach($bootmenuentries as $bme){ - $bme->setID(null); - $bme->setBootmenuID($userBootmenuID); - $bootmenuentriesMapper->save($bme); - #print_a('bootmenuentry',$bme); + if($defaultBootmenu != ''){ + $bootmenuentries = $bootmenuentriesMapper->findBy(array('bootmenuID'=>$defaultBootmenu->getID())); + foreach($bootmenuentries as $bme){ + $bme->setID(null); + $bme->setBootmenuID($userBootmenuID); + $bootmenuentriesMapper->save($bme); + #print_a('bootmenuentry',$bme); + } } // Second we create a filter |
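Review bot: In the `@@ -332,8` hunk the second changed line still ends in `<= AND`, a dangling operator carried over from the old code, so the statement cannot parse and the date filter likely never matches (the enclosing `try` presumably hides the error; its catch is outside the hunk). Drop the stray operator: `".mysql_real_escape_string($date)." <= REPLACE(fe.filtervalue2,'.','') AND`. A failing filter query is worth surfacing in a log rather than treating as "no match", since these filters appear to decide which group a client falls into.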
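Review bot: The new guard `$defaultBootmenu != ''` in NewMember.php is a loose comparison of a value that is used as an object against an empty string; it passes for any non-object that is not loosely equal to `''` (an array, for instance), and `->getID()` would then fail. State the intent directly, e.g. `if (is_object($defaultBootmenu)) {`, or test against the mapper's model class if its name is known. When the guard is false the user's boot menu is created with no entries; whether that is the intended fallback is not visible in this hunk, which starts and ends inside the method.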