From d83abe0860e13d599b34e7e150e4ba2fd571db93 Mon Sep 17 00:00:00 2001
From: Florian Schaal <florian@schaal-24.de>
Date: Thu, 25 Feb 2016 02:27:22 -0500
Subject: [PATCH] validate serverip depending on ipv4/ipv6

---
 interface/lib/classes/plugin_dbhistory.inc.php |    7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/interface/lib/classes/plugin_dbhistory.inc.php b/interface/lib/classes/plugin_dbhistory.inc.php
index c654731..3ad5d42 100644
--- a/interface/lib/classes/plugin_dbhistory.inc.php
+++ b/interface/lib/classes/plugin_dbhistory.inc.php
@@ -47,12 +47,13 @@
 		$db_table_idx = $app->tform->formDef["db_table_idx"];
 		$primary_id = $this->form->id;
 		if($_SESSION["s"]["user"]["typ"] == 'admin') {
-			$sql = "SELECT action, tstamp, user, data FROM sys_datalog WHERE dbtable = '".$db_table."' AND dbidx = '".$db_table_idx.":".$primary_id."'";
+			$sql = "SELECT action, tstamp, user, data FROM sys_datalog WHERE dbtable = ? AND dbidx = ?";
+			$records = $app->db->queryAllRecords($sql, $db_table, $db_table_idx.":".$primary_id);
 		} else {
-			$sql = "SELECT action, tstamp, user, data FROM sys_datalog WHERE user = '".$_SESSION["s"]["user"]["username"]."' dbtable = '".$db_table."' AND dbidx = '".$db_table_idx.":".$primary_id."'";
+			$sql = "SELECT action, tstamp, user, data FROM sys_datalog WHERE user = ? AND dbtable = ? AND dbidx = ?";
+			$records = $app->db->queryAllRecords($sql, $_SESSION["s"]["user"]["username"], $db_table, $db_table_idx.":".$primary_id);
 		}
 
-		$records = $app->db->queryAllRecords($sql);
 		if(is_array($records)) {
 			$content .= '<table>';
 			foreach($records as $rec) {

--
Gitblit v1.9.1