~ubuntu-branches/ubuntu/jaunty/glpi/jaunty


Viewing changes to ajax/dropdownUsersTracking.php

  • Committer: Bazaar Package Importer
  • Author(s): Pierre Chifflier
  • Date: 2009-02-01 18:00:16 UTC
  • mfrom: (1.1.5 upstream) (2.1.4 sid)
  • Revision ID: james.westby@ubuntu.com-20090201180016-ddwxt4vrbqvv23pa
Tags: 0.71.5-1
* New upstream release
* Security: fix SQL injection in ID field (Closes: #513611)
* Urgency high due to security fix.

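--- a/ajax/dropdownUsersTracking.php
+++ b/ajax/dropdownUsersTracking.php
@@ -1,9 +1,9 @@
 <?php
 /*
- * @version $Id: dropdownUsersTracking.php 6902 2008-05-26 17:57:51Z remi $
+ * @version $Id: dropdownUsersTracking.php 7763 2009-01-06 18:44:50Z moyo $
  -------------------------------------------------------------------------
  GLPI - Gestionnaire Libre de Parc Informatique
- Copyright (C) 2003-2008 by the INDEPNET Development Team.
+ Copyright (C) 2003-2009 by the INDEPNET Development Team.
 
  http://indepnet.net/   http://glpi-project.org
  -------------------------------------------------------------------------
@@ -64,6 +64,16 @@
 
 $result = $DB->query($query);
 
+$users=array(); 
+if ($DB->numrows($result)) { 
+        while ($data=$DB->fetch_array($result)) { 
+                $users[$data["ID"]]=formatUserName($data["ID"],$data["name"],$data["realname"],$data["firstname"]); 
+                $logins[$data["ID"]]=$data["name"]; 
+        } 
+}        
+         
+asort($users); 
+
 echo "<select id='dropdown_".$_POST["myname"].$_POST["rand"]."' name=\"".$_POST['myname']."\">";
 
 if ($_POST['searchText']!=$CFG_GLPI["ajax_wildcard"]&&$DB->numrows($result)==$NBMAX)
@@ -77,12 +87,10 @@
                 echo "<option selected value='".$_POST['value']."' title=\"".cleanInputText($output)."\">".substr($output,0,$CFG_GLPI["dropdown_limit"])."</option>";
 }       
 
-if ($DB->numrows($result)) {
-        while ($data=$DB->fetch_assoc($result)) {
-                $output=formatUserName($data["ID"],$data["name"],$data["realname"],$data["firstname"]);
-
-
-                echo "<option value=\"".$data["ID"]."\" ".($data["ID"] == $_POST['value']?"selected":"")." title=\"".cleanInputText($output)."\">".substr($output,0,$CFG_GLPI["dropdown_limit"])."</option>";
+if (count($users)) {
+        foreach ($users as $ID => $output){ 
+
+                echo "<option value=\"".$ID."\" ".($ID == $_POST['value']?"selected":"")." title=\"".cleanInputText($output)."\">".substr($output,0,$CFG_GLPI["dropdown_limit"])."</option>";
         }
 }
 echo "</select>";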
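Review bot: The new option loop (new line 93) still writes `substr($output,0,$CFG_GLPI["dropdown_limit"])` into the option body unescaped, while the same value goes through `cleanInputText()` for the `title` attribute; if `formatUserName()` does not escape its result (not visible here), a stored realname or firstname reaches the page as markup. Escaping after truncation would close that gap: `htmlspecialchars(substr($output,0,$CFG_GLPI["dropdown_limit"]), ENT_QUOTES)`. The unchanged `<select>` line (new line 77) and the `selected` option (new line 87) likewise print `$_POST["myname"]`, `$_POST["rand"]` and `$_POST['value']` raw into attributes and need the same attribute escaping. Separately, `$logins` is filled in the new fetch loop without a `$logins=array();` next to `$users=array();`, and nothing in the visible lines reads it. The SQL injection fix named in the changelog is not in these hunks, since `$query` is built above line 64, so it has to be reviewed in the part of the file this view does not show.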