packages: lms/lms-balancelist.php.patch (NEW) - SQL Injection fixes, perfor...
paszczus
paszczus at pld-linux.org
Wed Apr 6 15:38:26 CEST 2011
Author: paszczus Date: Wed Apr 6 13:38:26 2011 GMT
Module: packages Tag: HEAD
---- Log message:
- SQL Injection fixes, performance fixes, code cleanup from upstream
---- Files affected:
packages/lms:
lms-balancelist.php.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: packages/lms/lms-balancelist.php.patch
diff -u /dev/null packages/lms/lms-balancelist.php.patch:1.1
--- /dev/null Wed Apr 6 15:38:26 2011
+++ packages/lms/lms-balancelist.php.patch Wed Apr 6 15:38:21 2011
@@ -0,0 +1,32 @@
+--- modules/balancelist.php 2011/01/18 08:12:20 1.64
++++ modules/balancelist.php 2011/04/01 10:35:12 1.65
+@@ -21,7 +21,7 @@
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+ * USA.
+ *
+- * $Id$
++ * $Id$
+ */
+
+ function GetBalanceList($search=NULL, $cat=NULL, $group=NULL, $pagelimit=100, $page=NULL, $from, $to)
+@@ -42,7 +42,7 @@
+ $where = ' AND documents.number = '.intval($search);
+ break;
+ case 'cdate':
+- $where = ' AND cash.time >= '.$search.' AND cash.time < '.($search+86400);
++ $where = ' AND cash.time >= '.intval($search).' AND cash.time < '.(intval($search)+86400);
+ break;
+ case 'ten':
+ $where = ' AND c.ten = '.$DB->Escape($search);
+@@ -68,9 +68,9 @@
+ }
+
+ if($from)
+- $where .= ' AND cash.time >= '.$from;
++ $where .= ' AND cash.time >= '.intval($from);
+ if($to)
+- $where .= ' AND cash.time <= '.$to;
++ $where .= ' AND cash.time <= '.intval($to);
+
+ if($res = $DB->Exec('SELECT cash.id AS id, time, cash.userid AS userid, cash.value AS value,
+ cash.customerid AS customerid, comment, docid, cash.type AS type,
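Review bot: In the `$from`/`$to` block the guards still test the raw value while the query uses the cast one, so a non-numeric but truthy `$to` passes `if($to)` and is appended as `cash.time <= 0`, which silently yields an empty list instead of ignoring or rejecting the bad filter. Casting once and testing the result keeps guard and query in agreement: `$from = intval($from); $to = intval($to);` followed by `if($to > 0) $where .= ' AND cash.time <= '.$to;` (and the same for `$from`). The `cdate` branch has the same quirk, since a non-numeric `$search` becomes the range 0 to 86400 rather than an error. The switch cases between the two inner hunks and the remainder of the `$DB->Exec` statement lie outside this patch, so whether every other concatenated value is cast or passed through `$DB->Escape()` cannot be confirmed from here and is worth checking against the full file.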
================================================================