phpBMS

Ticket #8: notes.diff

File notes.diff, 2.0 KB (added by brieb, 6 years ago)

possible fix

  • notes_addedit_include.php

     
    105105        global $dblink; 
    106106         
    107107        $querystatement="SELECT 
    108                                 id, subject, assignedtoid, type, content, importance, category, 
    109                                 attachedtabledefid, attachedid, parentid,location,private,status, 
    110                                 repeat,repeatfrequency,repeattype,repeatdays,repeattimes,`repeat`,date_Format(repeatuntildate,\"%c/%e/%Y\") as repeatuntildate, 
    111                                 completed,date_Format(completeddate,\"%c/%e/%Y\") as completeddate,date_Format(startdate,\"%c/%e/%Y\") as startdate, 
    112                                 time_format(starttime,\"%l:%i %p\") as starttime,date_Format(enddate,\"%c/%e/%Y\") as enddate, time_format(endtime,\"%l:%i %p\") as endtime, 
    113                                 assignedtoid,date_Format(assignedtodate,\"%c/%e/%Y\") as assignedtodate,time_format(assignedtotime,\"%l:%i %p\") as assignedtotime,assignedbyid, 
     108                                id, subject, assignedtoid, `type`, content, importance, category, 
     109                                attachedtabledefid, attachedid, parentid, location, private, `status`, 
     110                                repeatfrequency, repeattype, repeatdays,repeattimes,`repeat`, date_Format(repeatuntildate,'%c/%e/%Y') as repeatuntildate, 
     111                                completed,date_Format(completeddate,'%c/%e/%Y') as completeddate,date_Format(startdate,'%c/%e/%Y') as startdate, 
     112                                time_format(starttime,'%l:%i %p') as starttime,date_Format(enddate,'%c/%e/%Y') as enddate, time_format(endtime,'%l:%i %p') as endtime, 
     113                                assignedtoid,date_Format(assignedtodate,'%c/%e/%Y') as assignedtodate,time_format(assignedtotime,'%l:%i %p') as assignedtotime,assignedbyid, 
    114114 
    115115                                createdby, creationdate,  
    116116                                modifiedby, modifieddate 
     
    217217                        } 
    218218                         
    219219                        if(isset($variables["repeat"])) { 
    220                                 $querystatement.="repeat=1, ";  
     220                                $querystatement.="`repeat`=1, ";  
    221221                                $querystatement.="repeatfrequency=".$variables["repeatfrequency"].", ";                                          
    222222                                $tempRepeatType="repeat".$variables["repeattype"]; 
    223223                                if($variables["repeattype"]=="Monthly") 
phpBMS vulnerability assesment provided by Orvant Inc. Copyright © 2010 Kreotek, LLC. All Rights reserved.