Commit regarding the fixing of the vulnerability issue
Commit fixing the vulnerability issue in the `MassScheduleModal.php` page.
sayan-os4ed committed Feb 14, 2023
1 parent e51d57a commit 60770d9
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions MassScheduleModal.php
@@ -30,9 +30,11 @@
include'ConfigInc.php';
include 'Warehouse.php';

$id = sqlSecurityFilter($_REQUEST['id']);

if ($_REQUEST['table_name'] != '' && $_REQUEST['table_name'] == 'course_periods') {

$sql = "SELECT * FROM course_periods WHERE COURSE_ID='$_REQUEST[id]'AND (marking_period_id IS NOT NULL AND marking_period_id IN(" . GetAllMP(GetMPTable(GetMP(UserMP(), 'TABLE')), UserMP()) . ") OR marking_period_id IS NULL AND '" . date('Y-m-d') . "' <= end_date) ORDER BY TITLE";
$sql = "SELECT * FROM course_periods WHERE COURSE_ID='" . $id . "' AND (marking_period_id IS NOT NULL AND marking_period_id IN(" . GetAllMP(GetMPTable(GetMP(UserMP(), 'TABLE')), UserMP()) . ") OR marking_period_id IS NULL AND '" . date('Y-m-d') . "' <= end_date) ORDER BY TITLE";
$QI = DBQuery($sql);

$coursePeriods_RET = DBGet($QI);
@@ -55,7 +57,7 @@

if ($_REQUEST['table_name'] != '' && $_REQUEST['table_name'] == 'courses') {

$sql = "SELECT COURSE_ID,c.TITLE, CONCAT_WS(' - ',c.short_name,c.title) AS GRADE_COURSE FROM courses c LEFT JOIN school_gradelevels sg ON c.grade_level=sg.id WHERE SUBJECT_ID='$_REQUEST[id]' ORDER BY c.TITLE";
$sql = "SELECT COURSE_ID,c.TITLE, CONCAT_WS(' - ',c.short_name,c.title) AS GRADE_COURSE FROM courses c LEFT JOIN school_gradelevels sg ON c.grade_level=sg.id WHERE SUBJECT_ID='" . $id . "' ORDER BY c.TITLE";
$QI = DBQuery($sql);
$courses_RET = DBGet($QI);
$html = 'course_modal||';
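Review bot: Both rewritten queries (the `COURSE_ID='" . $id . "'` one in the first hunk and the `SUBJECT_ID='" . $id . "'` one in the second) still build SQL by string concatenation, so their safety rests entirely on what `sqlSecurityFilter()` does, and that function is not visible in this diff. If these ids are numeric, as the column names suggest, a strict check at the new assignment would remove that dependency: `$id = filter_var($_REQUEST['id'] ?? null, FILTER_VALIDATE_INT);`, with the request rejected when the result is `false`. `$_REQUEST['id']` is also read unconditionally now, so a request without `id` raises an undefined-index notice before either branch runs. The rest of the file lies outside these hunks and may hold other `$_REQUEST` values interpolated into queries; those would need the same treatment.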