From dc26f4210708668ab860ab9169e65a56f1958a2a Mon Sep 17 00:00:00 2001
From: Ludovic Pouzenc <ludovic@pouzenc.fr>
Date: Sun, 28 Aug 2016 10:24:42 +0200
Subject: Same security fix for others API scripts

---
 api/data.json.php          | 5 ++++-
 api/gen_conf.php           | 1 -
 api/gen_firm.php           | 5 ++++-
 api/img_adt_svc_relais.php | 5 ++++-
 api/mig_wan6ll.php         | 5 ++++-
 5 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/api/data.json.php b/api/data.json.php
index d94ffb2..961d6fa 100644
--- a/api/data.json.php
+++ b/api/data.json.php
@@ -21,8 +21,11 @@
 
 include_once('inc/config.php');
 $mysqli = new mysqli($db_config['host'], $db_config['username'], $db_config['password'], $db_config['database']);
+if (mysqli_connect_errno()) {
+	die(mysqli_connect_error());
+}
 unset($db_config);
-$mysqli->query("SET NAMES 'utf8'");
+$mysqli->set_charset("utf8") or die($mysqli->error);
 
 $res = $mysqli->query("SELECT id, CONCAT('e', id) as 'name', uplink_id FROM equipements");
 
diff --git a/api/gen_conf.php b/api/gen_conf.php
index d5e61a1..aa544e2 100644
--- a/api/gen_conf.php
+++ b/api/gen_conf.php
@@ -27,7 +27,6 @@ if (mysqli_connect_errno()) {
 unset($db_config);
 $mysqli->set_charset("utf8") or die($mysqli->error);
 
-
 $descriptorspec = array(
 	0 => array("pipe", "r"),  // stdin is a pipe that the child will read from
 	1 => array("pipe", "w"),  // stdout is a pipe that the child will write to
diff --git a/api/gen_firm.php b/api/gen_firm.php
index 8c08030..a62d9b3 100644
--- a/api/gen_firm.php
+++ b/api/gen_firm.php
@@ -21,8 +21,11 @@
 
 include_once('inc/config.php');
 $mysqli = new mysqli($db_config['host'], $db_config['username'], $db_config['password'], $db_config['database']);
+if (mysqli_connect_errno()) {
+	die(mysqli_connect_error());
+}
 unset($db_config);
-$mysqli->query("SET NAMES 'utf8'");
+$mysqli->set_charset("utf8") or die($mysqli->error);
 
 $arg_ip4pub=(array_key_exists('ip4pub', $_GET) && preg_match('/^[0-9.]+$/', $_GET['ip4pub']))?$_GET['ip4pub']:NULL;
 
diff --git a/api/img_adt_svc_relais.php b/api/img_adt_svc_relais.php
index d9681c2..ba1be49 100644
--- a/api/img_adt_svc_relais.php
+++ b/api/img_adt_svc_relais.php
@@ -21,8 +21,11 @@
 
 include_once('inc/config.php');
 $mysqli = new mysqli($db_config['host'], $db_config['username'], $db_config['password'], $db_config['database']);
+if (mysqli_connect_errno()) {
+	die(mysqli_connect_error());
+}
 unset($db_config);
-$mysqli->query("SET NAMES 'utf8'");
+$mysqli->set_charset("utf8") or die($mysqli->error);
 
 $opt_show_source=array_key_exists('s', $_GET);
 $opt_embed=array_key_exists('e', $_GET);
diff --git a/api/mig_wan6ll.php b/api/mig_wan6ll.php
index 173f7fe..7661f13 100644
--- a/api/mig_wan6ll.php
+++ b/api/mig_wan6ll.php
@@ -21,8 +21,11 @@
 
 include_once('inc/config.php');
 $mysqli = new mysqli($db_config['host'], $db_config['username'], $db_config['password'], $db_config['database']);
+if (mysqli_connect_errno()) {
+	die(mysqli_connect_error());
+}
 unset($db_config);
-$mysqli->query("SET NAMES 'utf8'");
+$mysqli->set_charset("utf8") or die($mysqli->error);
 
 $arg_ip6wanll=(array_key_exists('ip6wanll', $_GET) && preg_match('/^[a-f0-9:]+$/', $_GET['ip6wanll']))?$_GET['ip6wanll']:NULL;
 
-- 
cgit v1.1