Security update merged from 2.1.
[fa-stable.git] / admin / attachments.php
index 6febfb70c92c77b922204d9162178abc65472275..3b39aa94bdeb22e7d28fa9394366a8950f3ac495 100644 (file)
@@ -112,25 +112,27 @@ if ($Mode == 'ADD_ITEM' || $Mode == 'UPDATE_ITEM')
        if ($Mode == 'ADD_ITEM')
        {
                $sql = "INSERT INTO ".TB_PREF."attachments (type_no, trans_no, description, filename, unique_name,
-                       filesize, filetype, tran_date) VALUES (".$_POST['filterType'].",".$_POST['trans_no'].",".
-                       db_escape($_POST['description']).", '$filename', '$unique_name', '$filesize', '$filetype', '$date')";
+                       filesize, filetype, tran_date) VALUES (".db_escape($_POST['filterType']).","
+                       .db_escape($_POST['trans_no']).",".db_escape($_POST['description']).", "
+                       .db_escape($filename).", ".db_escape($unique_name).", ".db_escape($filesize)
+                       .", ".db_escape($filetype).", '$date')";
                db_query($sql, "Attachment could not be inserted");             
                display_notification(_("Attachment has been inserted.")); 
        }
        else
        {
                $sql = "UPDATE ".TB_PREF."attachments SET
-                       type_no=".$_POST['filterType'].",
-                       trans_no=".$_POST['trans_no'].",
+                       type_no=".db_escape($_POST['filterType']).",
+                       trans_no=".db_escape($_POST['trans_no']).",
                        description=".db_escape($_POST['description']).", ";
                if ($filename != "")
                {
-                       $sql .= "filename='$filename',
-                       unique_name='$unique_name',
-                       filesize='$filesize',
-                       filetype='$filetype', ";
+                       $sql .= "filename=".db_escape($filename).",
+                       unique_name=".db_escape($unique_name).",
+                       filesize=".db_escape($filesize).",
+                       filetype=".db_escape($filetype);
                }       
-               $sql .= "tran_date='$date' WHERE id=$selected_id";
+               $sql .= "tran_date='$date' WHERE id=".db_escape($selected_id);
                db_query($sql, "Attachment could not be updated");              
                display_notification(_("Attachment has been updated.")); 
        }
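Review bot: The rewritten `filetype=` fragment closing the `if ($filename != "")` branch drops the trailing `, ` that the removed line carried, so whenever a new file is supplied the UPDATE is assembled as `...filetype='x'tran_date='...'` and fails with a SQL syntax error; it should read `filetype=".db_escape($filetype).", ";`. `$date` is still interpolated directly in both the INSERT and the UPDATE; it is assigned outside this hunk, so if it derives from `$_POST` rather than a server-side conversion it needs the same treatment, e.g. `tran_date=".db_escape($date)`. The enclosing `if ($Mode == 'ADD_ITEM' || ...)` block begins before this hunk.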
@@ -143,7 +145,7 @@ if ($Mode == 'Delete')
        $dir =  $comp_path."/".user_company(). "/attachments";
        if (file_exists($dir."/".$row['unique_name']))
                unlink($dir."/".$row['unique_name']);
-       $sql = "DELETE FROM ".TB_PREF."attachments WHERE id = $selected_id";
+       $sql = "DELETE FROM ".TB_PREF."attachments WHERE id = ".db_escape($selected_id);
        db_query($sql, "Could not delete attachment");
        display_notification(_("Attachment has been deleted.")); 
        $Mode = 'RESET';
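Review bot: `$row['unique_name']` is spliced into the `unlink()` path as-is, and the hunk does not show where `$row` or the stored name originate; if that value could ever carry a path separator the unlink would reach outside the attachments directory, so `unlink($dir."/".basename($row['unique_name']));` is a cheap hardening either way. The file is also removed before the DELETE runs and the `unlink()` result is ignored, so a failed query leaves a row pointing at a file that no longer exists; deleting the row first, or checking the `unlink()` return, keeps the two in step. The `if ($Mode == 'Delete')` block starts before this hunk.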
@@ -173,13 +175,14 @@ function viewing_controls()
 
 function get_attached_documents($type)
 {
-       $sql = "SELECT * FROM ".TB_PREF."attachments WHERE type_no=$type ORDER BY trans_no";
+       $sql = "SELECT * FROM ".TB_PREF."attachments WHERE type_no=".db_escape($type)
+       ." ORDER BY trans_no";
        return db_query($sql, "Could not retrieve attachments");
 }
 
 function get_attachment($id)
 {
-       $sql = "SELECT * FROM ".TB_PREF."attachments WHERE id=$id";
+       $sql = "SELECT * FROM ".TB_PREF."attachments WHERE id=".db_escape($id);
        $result = db_query($sql, "Could not retrieve attachments");
        return db_fetch($result);
 }
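Review bot: Neither `get_attached_documents()` nor `get_attachment()` has a docblock, and both now push integer keys through `db_escape()` rather than casting, which relies on whatever quoting `db_escape()` applies plus MySQL's implicit string-to-integer coercion on `type_no` and `id`; if those arguments are always numeric, `WHERE type_no=".(int)$type` and `WHERE id=".(int)$id` are a tighter guard. I would add `/** Query all attachment rows for transaction type $type, ordered by trans_no. */` above the first and `/** Fetch the attachment row with primary key $id via db_fetch(). */` above the second. Both functions lie entirely within this hunk.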