From 05ff274e373459e3c5df67f3946000f6547189f0 Mon Sep 17 00:00:00 2001
From: Davide Franco
Date: Wed, 20 Jul 2011 18:43:39 +0200
Subject: [PATCH] bacula-web: Replaced all $_POST by safe value in jobs page
---
 gui/bacula-web/jobs.php | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/gui/bacula-web/jobs.php b/gui/bacula-web/jobs.php
index 12b6bd9b8f..30cc2e915f 100644
--- a/gui/bacula-web/jobs.php
+++ b/gui/bacula-web/jobs.php
@@ -46,10 +46,11 @@
 $query .= "FROM Job ";
 $query .= "LEFT JOIN Pool ON Job.PoolId=Pool.PoolId ";
 $query .= "LEFT JOIN Status ON Job.JobStatus = Status.JobStatus ";
-
- // Filter by status
- if( isset( $_POST['status'] ) ) {
- switch( $_POST['status'] )
+
+ $posts = CHttp::getRequestVars( $_POST );
+
+ if( $posts != false ) {
+ switch( $posts['status'] )
 {
 case STATUS_RUNNING:
 $query .= "WHERE Job.JobStatus = 'R' ";
@@ -67,7 +68,7 @@
 $query .= "WHERE Job.JobStatus = 'A' ";
 break;
 }
- $dbSql->tpl->assign('job_status_filter', $_POST['status'] );
+ $dbSql->tpl->assign('job_status_filter', $posts['status'] );
 }
 // order by
@@ -77,9 +78,9 @@
 $jobs_per_page = array( 25 => '25', 50 => '50', 75 => '75', 100 => '100', 150 => '150' );
 // Determine how many jobs to display
- if( isset($_POST['jobs_per_page']) ) {
- $query .= "LIMIT " . $_POST['jobs_per_page'];
- $dbSql->tpl->assign( 'jobs_per_page_selected', $_POST['jobs_per_page'] );
+ if( isset($posts['jobs_per_page']) ) {
+ $query .= "LIMIT " . $posts['jobs_per_page'];
+ $dbSql->tpl->assign( 'jobs_per_page_selected', $posts['jobs_per_page'] );
 }else
 $query .= "LIMIT 25 ";
 $dbSql->tpl->assign( 'jobs_per_page', $jobs_per_page );
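Review bot: The new guard `if( $posts != false )` is weaker than the `isset( $_POST['status'] )` it replaces, so a submission that carries only `jobs_per_page` now reaches `switch( $posts['status'] )` with an undefined index; the same unguarded read sits on the `job_status_filter` assign line in the second hunk. The loose `!=` against `false` also reads as "request non-empty" rather than "status present", so `if( isset( $posts['status'] ) ) {` would both restore the old behaviour and match the check the fourth hunk already uses. What `CHttp::getRequestVars()` returns, and how it sanitises, is outside this patch, so the "safe value" wording in the subject cannot be confirmed from these lines. The `if`/`switch` opened here is closed in the second hunk, not in this one.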
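Review bot: In the third hunk `$query .= "LIMIT " . $posts['jobs_per_page'];` still concatenates a request value into the SQL string; whether `CHttp::getRequestVars()` coerces it to a number is not visible in this patch, so the line rests on an assumption about a helper defined elsewhere. The permitted page sizes are already enumerated in the `$jobs_per_page` array two lines above, so the value can be cast and checked against that table before it is used: `$limit = (int) $posts['jobs_per_page'];`, `if( isset( $jobs_per_page[$limit] ) ) {`, `$query .= "LIMIT " . $limit . " ";` (and assign `$limit` to `jobs_per_page_selected`). The trailing space in that last line also brings the branch in line with the `"LIMIT 25 "` default directly below it, which the current line lacks.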
@@ -149,8 +150,8 @@
 $dbSql->tpl->assign( 'last_jobs', $last_jobs );
 // Count jobs
- if( isset( $_POST['status'] ) )
- $total_jobs = $dbSql->countJobs( FIRST_DAY, NOW, $_POST['status'] );
+ if( isset( $posts['status'] ) )
+ $total_jobs = $dbSql->countJobs( FIRST_DAY, NOW, $posts['status'] );
 else
 $total_jobs = $dbSql->countJobs( FIRST_DAY, NOW );
-- 
2.39.5
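Review bot: `$posts['status']` is handed straight to `countJobs()` here, whereas the listing query in the first hunk only adds a `WHERE` clause for the values its `switch` recognises and otherwise selects every job, so for a status outside that set the displayed total and the listed rows may not describe the same result. `countJobs()` is defined outside this patch, so whether it validates or ignores an unrecognised value cannot be confirmed from these lines. Deriving the filter once (for example keeping the recognised status in a local after the `switch`) and passing that same value here would keep the count and the listing consistent.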