authorSimon Rettberg2017-07-25 19:03:29 +0200
committerSimon Rettberg2017-07-25 19:03:29 +0200
commitc55a02f9419b8eedaeb68236187d9ad2ef25e285 (patch)
tree5d0902788aefac1bb4317f6071c79422f8d7b62b /modules-available/roomplanner
parent[inc/Download] Delete temp file for response header (diff)
[roomplanner] Sanitize input (ASCII columns)
Diffstat (limited to 'modules-available/roomplanner')
-rw-r--r--modules-available/roomplanner/page.inc.php9
1 files changed, 5 insertions, 4 deletions
diff --git a/modules-available/roomplanner/page.inc.php b/modules-available/roomplanner/page.inc.php
index a35023b9..4e36d3ba 100644
--- a/modules-available/roomplanner/page.inc.php
+++ b/modules-available/roomplanner/page.inc.php
@@ -88,14 +88,15 @@ class Page_Roomplanner extends Page
if ($this->action === 'getmachines') {
$query = Request::get('query', false, 'string');
+ $aquery = preg_replace('/[^\x01-\x7f]+/', '%', $query);
$result = Database::simpleQuery('SELECT machineuuid, macaddr, clientip, hostname '
. 'FROM machine '
- . 'WHERE machineuuid LIKE :query '
- . ' OR macaddr LIKE :query '
- . ' OR clientip LIKE :query '
+ . 'WHERE machineuuid LIKE :aquery '
+ . ' OR macaddr LIKE :aquery '
+ . ' OR clientip LIKE :aquery '
. ' OR hostname LIKE :query '
- . ' LIMIT 100', ['query' => "%$query%"]);
+ . ' LIMIT 100', ['query' => "%$query%", 'aquery' => "%$aquery%"]);
$returnObject = ['machines' => []];