From 582cbf7bde9cb4b0a881e10ed2ffed92dcbc1f8d Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 21 May 2015 04:13:11 -0400
Subject: [PATCH] - added csrf protection to tforms - possible sql injection in monitor sys_state
---
interface/web/monitor/show_sys_state.php | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/interface/web/monitor/show_sys_state.php b/interface/web/monitor/show_sys_state.php
index 93d1f95..23c32fb 100644
--- a/interface/web/monitor/show_sys_state.php
+++ b/interface/web/monitor/show_sys_state.php
@@ -191,7 +191,7 @@
/*
* Get all monitoring-data from the server and process then
*/
- $records = $app->db->queryAllRecords("SELECT DISTINCT type, data FROM monitor_data WHERE server_id = " . $serverId);
+ $records = $app->db->queryAllRecords("SELECT DISTINCT type, data FROM monitor_data WHERE server_id = " . intval($serverId));
$osData = null;
$veInfo = null;
$ispcData = null;
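Review bot: The `intval($serverId)` cast is applied at the query on the `+` line here and again in the second hunk, so any other use of `$serverId` in this file stays unnormalized and a future query can re-introduce the concatenation bug. Normalizing once where `$serverId` is assigned (outside this hunk), e.g. `$serverId = intval($serverId);`, would cover every query and make the intent visible at the input boundary instead of at each use. The code surrounding this hunk starts before and continues past it, so the assignment site is not visible here.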
@@ -320,7 +320,7 @@
* state
*/
// get the State from the DB
- $record = $app->db->queryOneRecord("SELECT state FROM monitor_data WHERE type = '" . $type . "' and server_id = " . $serverId . " order by created desc");
+ $record = $app->db->queryOneRecord("SELECT state FROM monitor_data WHERE type = '" . $app->db->quote($type) . "' and server_id = " . intval($serverId) . " order by created desc");
// change the new state to the highest state
/*
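Review bot: `$app->db->quote($type)` escapes the value but the statement is still assembled by string concatenation; if the db wrapper exposes a placeholder/prepared API (not visible in this hunk), this query is the natural candidate for it. If `$type` comes from a fixed set of monitor types, checking membership in that set before the query would be a stricter guard than escaping alone. The hunk keeps the literal `'` delimiters around the quoted value, which presumes `quote()` returns the escaped string without adding its own quotes — worth confirming, since a wrapper that does add them would produce a malformed query. The enclosing block continues outside the hunk.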
--
Gitblit v1.9.1