← Back to branch summary

~ubuntu-branches/ubuntu/jaunty/glpi/jaunty

« back to all changes in this revision

Viewing changes to front/tracking.injector.php

  • Committer: Bazaar Package Importer
  • Author(s): Pierre Chifflier
  • Date: 2009-02-01 18:00:16 UTC
  • mfrom: (1.1.5 upstream) (2.1.4 sid)
  • Revision ID: james.westby@ubuntu.com-20090201180016-ddwxt4vrbqvv23pa
Tags: 0.71.5-1
http://bugs.debian.org/513611
* New upstream release
* Security: fix SQL injection in ID field (Closes: #513611)
* Urgency high due to security fix.

Show diffs side-by-side

added added

removed removed

Lines of Context:
front/tracking.injector.php
1
1
<?php
2
2
/*
3
 
 * @version $Id: tracking.injector.php 6807 2008-05-08 19:30:26Z moyo $
 
3
 * @version $Id: tracking.injector.php 7763 2009-01-06 18:44:50Z moyo $
4
4
 -------------------------------------------------------------------------
5
5
 GLPI - Gestionnaire Libre de Parc Informatique
6
 
 Copyright (C) 2003-2008 by the INDEPNET Development Team.
 
6
 Copyright (C) 2003-2009 by the INDEPNET Development Team.
7
7
 
8
8
 http://indepnet.net/   http://glpi-project.org
9
9
 -------------------------------------------------------------------------
169
169
 
170
170
        if ($newID=$track->add($_POST)){
171
171
                if(isset($_POST["type"]) && ($_POST["type"] == "Helpdesk")) {
 
172
                        echo "<div align='center'>";
 
173
                        echo $LANG["help"][18]."<br><br>";
 
174
                        displayBackLink();
 
175
                        echo "</div>";
 
176
 
172
177
                } else {
173
178
                        echo "<div align='center'><img src=\"".$CFG_GLPI["root_doc"]."/pics/ok.png\" alt=\"OK\"><br><br><b>";
174
179
                        echo $LANG["help"][18]." (".$LANG["job"][38]." <a class='b' href='helpdesk.public.php?show=user&amp;ID=$newID'>$newID</a>)<br>";