Changeset 2573

Timestamp:
09/17/06 23:59:30 (7 years ago)
Author:
qldrob
Message:

Grr. I can't use mysql_add_slashes because if there isn't an anonymous account on the database, you can't actually run it. Switching back to addslashes. This will probably require a release of 2.1.3.. Argh.

Files:

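--- a/freepbx/branches/2.1/amp_conf/htdocs/admin/cdr/about.php
+++ b/freepbx/branches/2.1/amp_conf/htdocs/admin/cdr/about.php
@@ -9,8 +9,8 @@
   if (isset($_POST[$test_var])) {
     global $$test_var;
-    $$test_var = mysql_real_escape_string($_POST[$test_var]);
+    $$test_var = addslashes($_POST[$test_var]);
   } elseif (isset($_GET[$test_var])) {
     global $$test_var;
-    $$test_var = mysql_real_escape_string($_GET[$test_var]);
+    $$test_var = addslashes($_GET[$test_var]);
   }
 }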
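Review bot: `addslashes()` is not a SQL escaping function: it ignores the connection character set, so the values assigned at new lines 11 and 14 are not reliably safe inside a quoted SQL literal, and the same change is made in cdr.php. The failure described in the commit message is consistent with `mysql_real_escape_string()` being called before a database link is open, in which case it attempts a default connection; if that is the cause, the fix is to open the CDR connection first and pass it explicitly, `$$test_var = mysql_real_escape_string($_POST[$test_var], $link);`, where `$link` stands for whatever handle the page already opens. Escaping every request value into a global at input time also leaves stray backslashes in any value that is later printed rather than queried, so escaping belongs at the point where the query is built. The enclosing function starts above the hunk, so how these globals are used afterwards is not visible here.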
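--- a/freepbx/branches/2.1/amp_conf/htdocs/admin/cdr/call-comp.php
+++ b/freepbx/branches/2.1/amp_conf/htdocs/admin/cdr/call-comp.php
@@ -132,9 +132,9 @@
   if (strpos($SQLcmd, 'WHERE') > 0) {   $SQLcmd = "$SQLcmd AND ";
   }else{                    $SQLcmd = "$SQLcmd WHERE "; }
-  $SQLcmd = "$SQLcmd calldate<'".mysql_real_escape_string($_POST['before'])."'";
+  $SQLcmd = "$SQLcmd calldate<'".addslashes($_POST['before'])."'";
 }
 if ($_POST['after']) {    if (strpos($SQLcmd, 'WHERE') > 0) {      $SQLcmd = "$SQLcmd AND ";
 } else {      $SQLcmd = "$SQLcmd WHERE ";    }
-  $SQLcmd = "$SQLcmd calldate>'".mysql_real_escape_string($_POST['after'])."'";
+  $SQLcmd = "$SQLcmd calldate>'".addslashes($_POST['after'])."'";
 }
 $SQLcmd = do_field($SQLcmd, 'clid');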
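Review bot: The `before` and `after` request values at new lines 134 and 138 are concatenated into the `calldate` comparison with only `addslashes()` applied, which is weaker than the call it replaces because it does not take the connection character set into account. These fields can only hold dates, so validate their shape before building the clause and skip the filter otherwise, for example `if (!preg_match('/^\d{4}-\d{2}-\d{2}( \d{2}:\d{2}(:\d{2})?)?$/', $_POST['before'])) { unset($_POST['before']); }` placed before the `before` test, with the pattern adjusted to whatever format the form really submits. The same two lines recur in call-daily-load.php, call-last-month.php (`after` only), graph_hourdetail.php, graph_pie.php, graph_stat.php and graph_statbar.php (the last three read `$_GET`), so one shared helper would keep all of them consistent. The `if` that guards the `before` clause opens above the hunk.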
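--- a/freepbx/branches/2.1/amp_conf/htdocs/admin/cdr/call-daily-load.php
+++ b/freepbx/branches/2.1/amp_conf/htdocs/admin/cdr/call-daily-load.php
@@ -129,9 +129,9 @@
   if (strpos($SQLcmd, 'WHERE') > 0) {   $SQLcmd = "$SQLcmd AND ";
   }else{                    $SQLcmd = "$SQLcmd WHERE "; }
-  $SQLcmd = "$SQLcmd calldate<'".mysql_real_escape_string($_POST['before'])."'";
+  $SQLcmd = "$SQLcmd calldate<'".addslashes($_POST['before'])."'";
 }
 if ($_POST['after']) {    if (strpos($SQLcmd, 'WHERE') > 0) {      $SQLcmd = "$SQLcmd AND ";
 } else {      $SQLcmd = "$SQLcmd WHERE ";    }
-  $SQLcmd = "$SQLcmd calldate>'".mysql_real_escape_string($_POST['after'])."'";
+  $SQLcmd = "$SQLcmd calldate>'".addslashes($_POST['after'])."'";
 }
 $SQLcmd = do_field($SQLcmd, 'clid');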
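--- a/freepbx/branches/2.1/amp_conf/htdocs/admin/cdr/call-last-month.php
+++ b/freepbx/branches/2.1/amp_conf/htdocs/admin/cdr/call-last-month.php
@@ -135,5 +135,5 @@
 if ($_POST['after']) {    if (strpos($SQLcmd, 'WHERE') > 0) {      $SQLcmd = "$SQLcmd AND ";
 } else {      $SQLcmd = "$SQLcmd WHERE ";    }
-  $SQLcmd = "$SQLcmd calldate>'".mysql_real_escape_string($_POST['after'])."'";
+  $SQLcmd = "$SQLcmd calldate>'".addslashes($_POST['after'])."'";
 }
 $SQLcmd = do_field($SQLcmd, 'clid');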
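--- a/freepbx/branches/2.1/amp_conf/htdocs/admin/cdr/cdr.php
+++ b/freepbx/branches/2.1/amp_conf/htdocs/admin/cdr/cdr.php
@@ -21,8 +21,8 @@
   if (isset($_POST[$test_var])) {
     global $$test_var;
-    $$test_var = mysql_real_escape_string($_POST[$test_var]);
+    $$test_var = addslashes($_POST[$test_var]);
   } elseif (isset($_GET[$test_var])) {
     global $$test_var;
-    $$test_var = mysql_real_escape_string($_GET[$test_var]);
+    $$test_var = addslashes($_GET[$test_var]);
   }
 }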
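--- a/freepbx/branches/2.1/amp_conf/htdocs/admin/cdr/graph_hourdetail.php
+++ b/freepbx/branches/2.1/amp_conf/htdocs/admin/cdr/graph_hourdetail.php
@@ -84,9 +84,9 @@
   if (strpos($SQLcmd, 'WHERE') > 0) {   $SQLcmd = "$SQLcmd AND ";
   }else{                    $SQLcmd = "$SQLcmd WHERE "; }
-  $SQLcmd = "$SQLcmd calldate<'".mysql_real_escape_string($_POST['before'])."'";
+  $SQLcmd = "$SQLcmd calldate<'".addslashes($_POST['before'])."'";
 }
 if ($_POST['after']) {    if (strpos($SQLcmd, 'WHERE') > 0) {      $SQLcmd = "$SQLcmd AND ";
 } else {      $SQLcmd = "$SQLcmd WHERE ";    }
-  $SQLcmd = "$SQLcmd calldate>'".mysql_real_escape_string($_POST['after'])."'";
+  $SQLcmd = "$SQLcmd calldate>'".addslashes($_POST['after'])."'";
 }
 $SQLcmd = do_field($SQLcmd, 'clid');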
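--- a/freepbx/branches/2.1/amp_conf/htdocs/admin/cdr/graph_pie.php
+++ b/freepbx/branches/2.1/amp_conf/htdocs/admin/cdr/graph_pie.php
@@ -100,9 +100,9 @@
   if (strpos($SQLcmd, 'WHERE') > 0) {   $SQLcmd = "$SQLcmd AND ";
   }else{                    $SQLcmd = "$SQLcmd WHERE "; }
-  $SQLcmd = "$SQLcmd calldate<'".mysql_real_escape_string($_GET['before'])."'";
+  $SQLcmd = "$SQLcmd calldate<'".addslashes($_GET['before'])."'";
 }
 if ($_GET['after']) {    if (strpos($SQLcmd, 'WHERE') > 0) {      $SQLcmd = "$SQLcmd AND ";
 } else {      $SQLcmd = "$SQLcmd WHERE ";    }
-  $SQLcmd = "$SQLcmd calldate>'".mysql_real_escape_string($_GET['after'])."'";
+  $SQLcmd = "$SQLcmd calldate>'".addslashes($_GET['after'])."'";
 }
 $SQLcmd = do_field($SQLcmd, 'clid');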
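--- a/freepbx/branches/2.1/amp_conf/htdocs/admin/cdr/graph_stat.php
+++ b/freepbx/branches/2.1/amp_conf/htdocs/admin/cdr/graph_stat.php
@@ -97,9 +97,9 @@
   if (strpos($SQLcmd, 'WHERE') > 0) {   $SQLcmd = "$SQLcmd AND ";
   }else{                    $SQLcmd = "$SQLcmd WHERE "; }
-  $SQLcmd = "$SQLcmd calldate<'".mysql_real_escape_string($_GET['before'])."'";
+  $SQLcmd = "$SQLcmd calldate<'".addslashes($_GET['before'])."'";
 }
 if ($_GET['after']) {    if (strpos($SQLcmd, 'WHERE') > 0) {      $SQLcmd = "$SQLcmd AND ";
 } else {      $SQLcmd = "$SQLcmd WHERE ";    }
-  $SQLcmd = "$SQLcmd calldate>'".mysql_real_escape_string($_GET['after'])."'";
+  $SQLcmd = "$SQLcmd calldate>'".addslashes($_GET['after'])."'";
 }
 $SQLcmd = do_field($SQLcmd, 'clid');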
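--- a/freepbx/branches/2.1/amp_conf/htdocs/admin/cdr/graph_statbar.php
+++ b/freepbx/branches/2.1/amp_conf/htdocs/admin/cdr/graph_statbar.php
@@ -97,9 +97,9 @@
   if (strpos($SQLcmd, 'WHERE') > 0) {   $SQLcmd = "$SQLcmd AND ";
   }else{                    $SQLcmd = "$SQLcmd WHERE "; }
-  $SQLcmd = "$SQLcmd calldate<'".mysql_real_escape_string($_GET['before'])."'";
+  $SQLcmd = "$SQLcmd calldate<'".addslashes($_GET['before'])."'";
 }
 if ($_GET['after']) {    if (strpos($SQLcmd, 'WHERE') > 0) {      $SQLcmd = "$SQLcmd AND ";
 } else {      $SQLcmd = "$SQLcmd WHERE ";    }
-  $SQLcmd = "$SQLcmd calldate>'".mysql_real_escape_string($_GET['after'])."'";
+  $SQLcmd = "$SQLcmd calldate>'".addslashes($_GET['after'])."'";
 }
 $SQLcmd = do_field($SQLcmd, 'clid');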