diff options
| author | Ludovic Pouzenc <ludovic@pouzenc.fr> | 2016-08-28 10:24:42 +0200 |
|---|---|---|
| committer | Ludovic Pouzenc <ludovic@pouzenc.fr> | 2016-08-28 10:24:42 +0200 |
| commit | dc26f4210708668ab860ab9169e65a56f1958a2a (patch) | |
| tree | 0fb7523f388055c748e911eae6b5103d72c6fe5e | |
| parent | 53bee7f8fc073d2128f9b542e2b676b4fd3e8b84 (diff) | |
| download | chd_gestion-dc26f4210708668ab860ab9169e65a56f1958a2a.zip chd_gestion-dc26f4210708668ab860ab9169e65a56f1958a2a.tar.gz chd_gestion-dc26f4210708668ab860ab9169e65a56f1958a2a.tar.bz2 | |
Same security fix for others API scripts
| -rw-r--r-- | api/data.json.php | 5 | ||||
| -rw-r--r-- | api/gen_conf.php | 1 | ||||
| -rw-r--r-- | api/gen_firm.php | 5 | ||||
| -rw-r--r-- | api/img_adt_svc_relais.php | 5 | ||||
| -rw-r--r-- | api/mig_wan6ll.php | 5 |
5 files changed, 16 insertions, 5 deletions
diff --git a/api/data.json.php b/api/data.json.php index d94ffb2..961d6fa 100644 --- a/api/data.json.php +++ b/api/data.json.php @@ -21,8 +21,11 @@ include_once('inc/config.php'); $mysqli = new mysqli($db_config['host'], $db_config['username'], $db_config['password'], $db_config['database']); +if (mysqli_connect_errno()) { + die(mysqli_connect_error()); +} unset($db_config); -$mysqli->query("SET NAMES 'utf8'"); +$mysqli->set_charset("utf8") or die($mysqli->error); $res = $mysqli->query("SELECT id, CONCAT('e', id) as 'name', uplink_id FROM equipements"); diff --git a/api/gen_conf.php b/api/gen_conf.php index d5e61a1..aa544e2 100644 --- a/api/gen_conf.php +++ b/api/gen_conf.php @@ -27,7 +27,6 @@ if (mysqli_connect_errno()) { unset($db_config); $mysqli->set_charset("utf8") or die($mysqli->error); - $descriptorspec = array( 0 => array("pipe", "r"), // stdin is a pipe that the child will read from 1 => array("pipe", "w"), // stdout is a pipe that the child will write to diff --git a/api/gen_firm.php b/api/gen_firm.php index 8c08030..a62d9b3 100644 --- a/api/gen_firm.php +++ b/api/gen_firm.php @@ -21,8 +21,11 @@ include_once('inc/config.php'); $mysqli = new mysqli($db_config['host'], $db_config['username'], $db_config['password'], $db_config['database']); +if (mysqli_connect_errno()) { + die(mysqli_connect_error()); +} unset($db_config); -$mysqli->query("SET NAMES 'utf8'"); +$mysqli->set_charset("utf8") or die($mysqli->error); $arg_ip4pub=(array_key_exists('ip4pub', $_GET) && preg_match('/^[0-9.]+$/', $_GET['ip4pub']))?$_GET['ip4pub']:NULL; diff --git a/api/img_adt_svc_relais.php b/api/img_adt_svc_relais.php index d9681c2..ba1be49 100644 --- a/api/img_adt_svc_relais.php +++ b/api/img_adt_svc_relais.php @@ -21,8 +21,11 @@ include_once('inc/config.php'); $mysqli = new mysqli($db_config['host'], $db_config['username'], $db_config['password'], $db_config['database']); +if (mysqli_connect_errno()) { + die(mysqli_connect_error()); +} unset($db_config); -$mysqli->query("SET NAMES 'utf8'"); +$mysqli->set_charset("utf8") or die($mysqli->error); $opt_show_source=array_key_exists('s', $_GET); $opt_embed=array_key_exists('e', $_GET); diff --git a/api/mig_wan6ll.php b/api/mig_wan6ll.php index 173f7fe..7661f13 100644 --- a/api/mig_wan6ll.php +++ b/api/mig_wan6ll.php @@ -21,8 +21,11 @@ include_once('inc/config.php'); $mysqli = new mysqli($db_config['host'], $db_config['username'], $db_config['password'], $db_config['database']); +if (mysqli_connect_errno()) { + die(mysqli_connect_error()); +} unset($db_config); -$mysqli->query("SET NAMES 'utf8'"); +$mysqli->set_charset("utf8") or die($mysqli->error); $arg_ip6wanll=(array_key_exists('ip6wanll', $_GET) && preg_match('/^[a-f0-9:]+$/', $_GET['ip6wanll']))?$_GET['ip6wanll']:NULL; |