From 6bede2fd229395f34c321a37efa2ea93e7b1a7ba Mon Sep 17 00:00:00 2001
From: Philip Häusler <msquare@notrademark.de>
Date: Sun, 28 Dec 2014 13:44:56 +0100
Subject: harden the sql queries

---
 includes/pages/user_myshifts.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'includes/pages/user_myshifts.php')

diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php
index daffcdc0..4a6a1838 100644
--- a/includes/pages/user_myshifts.php
+++ b/includes/pages/user_myshifts.php
@@ -10,13 +10,13 @@ function user_myshifts() {
   global $user, $privileges;
   $msg = "";
   
-  if (isset($_REQUEST['id']) && in_array("user_shifts_admin", $privileges) && preg_match("/^[0-9]{1,}$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_REQUEST['id'])) > 0) {
+  if (isset($_REQUEST['id']) && in_array("user_shifts_admin", $privileges) && preg_match("/^[0-9]{1,}$/", $_REQUEST['id']) && sql_num_query("SELECT * FROM `User` WHERE `UID`='" . sql_escape($_REQUEST['id']) . "'") > 0) {
     $id = $_REQUEST['id'];
   } else {
     $id = $user['UID'];
   }
   
-  list($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($id) . " LIMIT 1");
+  list($shifts_user) = sql_select("SELECT * FROM `User` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
   
   if (isset($_REQUEST['reset'])) {
     if ($_REQUEST['reset'] == "ack") {
@@ -44,8 +44,8 @@ function user_myshifts() {
         JOIN `Shifts` ON (`ShiftEntry`.`SID` = `Shifts`.`SID`)
         JOIN `ShiftTypes` ON (`ShiftTypes`.`id` = `Shifts`.`shifttype_id`)
         JOIN `Room` ON (`Shifts`.`RID` = `Room`.`RID`)
-        WHERE `ShiftEntry`.`id`=" . sql_escape($id) . "
-        AND `UID`=" . sql_escape($shifts_user['UID']) . " LIMIT 1");
+        WHERE `ShiftEntry`.`id`='" . sql_escape($id) . "'
+        AND `UID`='" . sql_escape($shifts_user['UID']) . "' LIMIT 1");
     if (count($shift) > 0) {
       $shift = $shift[0];
       
@@ -82,7 +82,7 @@ function user_myshifts() {
         SELECT `Shifts`.`start` 
         FROM `Shifts` 
         INNER JOIN `ShiftEntry` USING (`SID`) 
-        WHERE `ShiftEntry`.`id`=" . sql_escape($id) . " AND `UID`=" . sql_escape($shifts_user['UID']));
+        WHERE `ShiftEntry`.`id`='" . sql_escape($id) . "' AND `UID`='" . sql_escape($shifts_user['UID']) . "'");
     if (count($shift) > 0) {
       $shift = $shift[0];
       if (($shift['start'] > time() + $LETZTES_AUSTRAGEN * 3600) || in_array('user_shifts_admin', $privileges)) {
-- 
cgit v1.2.3-54-g00ecf