From b167721d5746c0d1791febbb213da0a0aed21aa2 Mon Sep 17 00:00:00 2001 From: Brian Evans Date: Mon, 29 Jan 2018 16:07:33 -0500 Subject: Modernize the database and mirror libraries --- php/admin/mirror-list.php | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) (limited to 'php/admin/mirror-list.php') diff --git a/php/admin/mirror-list.php b/php/admin/mirror-list.php index c161efd..e0876d4 100644 --- a/php/admin/mirror-list.php +++ b/php/admin/mirror-list.php @@ -9,20 +9,20 @@ require_once('../cfg/init.php'); if (!empty($_GET['os'])&&!empty($_GET['product'])) { // clean in os and product strings - $os_name = mysql_real_escape_string(trim(strtolower($_GET['os']))); - $product_name = mysql_real_escape_string(trim(strtolower($_GET['product']))); + $os_name = trim(strtolower(filter_input(INPUT_GET,'os'))); + $product_name = trim(strtolower(filter_input(INPUT_GET,'product'))); // get os and product IDs - $os_id = db_name_to_id('mirror_os','os_id','os_name',$os_name); - $product_id = db_name_to_id('mirror_products','product_id','product_name',$product_name); + $os_id = DB::name_to_id('mirror_os','os_id','os_name',$os_name); + $product_id = DB::name_to_id('mirror_products','product_id','product_name',$product_name); } if (!empty($_GET['os_id'])&&!empty($_GET['product_id'])) { - $os_id = intval($_GET['os_id']); - $product_id = intval($_GET['product_id']); + $os_id = intval(filter_input(INPUT_GET,'os_id',FILTER_SANITIZE_NUMBER_INT)); + $product_id = intval(filter_input(INPUT_GET,'product_id',FILTER_SANITIZE_NUMBER_INT)); - $mirrors = db_get(" + $mirrors = DB::get(" SELECT DISTINCT mirror_baseurl FROM 
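Review bot: `FILTER_SANITIZE_NUMBER_INT` on the new `os_id` and `product_id` lines rewrites malformed input instead of rejecting it. It strips every character except digits and plus/minus signs, so a value such as `1abc2` becomes `12` and the query runs against a different id than the request named. The bound parameters already handle injection, so what remains is validation: `filter_input(INPUT_GET, 'os_id', FILTER_VALIDATE_INT)` returns `false` for anything that is not an integer, and the script can then answer with an error instead of querying. The `os`/`product` lines have a related gap: the `!empty($_GET['os'])` guard also passes for an array value, for which `filter_input` returns `false`, so an `is_string()` check on the result before `strtolower()` would be worth adding. The second `if` block continues outside this hunk.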
@@ -36,11 +36,11 @@ if (!empty($_GET['os_id'])&&!empty($_GET['product_id'])) { ON mirror_location_mirror_map.location_id = mirror_locations.location_id WHERE - mirror_locations.os_id = {$os_id} AND - mirror_locations.product_id = {$product_id} AND + mirror_locations.os_id = ? AND + mirror_locations.product_id = ? AND mirror_location_mirror_map.location_active = '1' AND mirror_mirrors.mirror_active = '1' - "); + ", PDO::FETCH_ASSOC, [$os_id, $product_id]); header("Content-type: text/plain;"); foreach ($mirrors as $mirror) { @@ -58,17 +58,16 @@ if (!empty($_GET['os_id'])&&!empty($_GET['product_id'])) { form_start('list','list','get','./mirror-list.php'); echo '
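Review bot: `$mirrors` goes straight from `DB::get(...)` into the `foreach` with no check on what came back. `DB::get` is defined outside this diff, so whether it throws or returns `false` when prepare/execute fails is not visible here. If it can return `false`, a guard before the `header()` call, such as `if ($mirrors === false) { http_response_code(500); exit; }`, keeps a database failure from surfacing as a PHP warning inside a text/plain response that clients read as a mirror list. The enclosing `if` block starts before this hunk and continues past it.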
'; form_label('Product', 'product','label-small'); - form_select('product_id','product','',mirror_get_products_select(),$posts['product_id']); + form_select('product_id','product','',Mirror::get_products_select(),$posts['product_id']); echo ' [edit products]'; echo '

'; echo '
'; form_label('OS', 'os','label-small'); - form_select('os_id','os','',mirror_get_oss_select(),$posts['os_id']); + form_select('os_id','os','',Mirror::get_oss_select(),$posts['os_id']); echo ' [edit operating systems]'; echo '

'; form_submit('submit','','button1','Update'); form_end(); require_once(FOOTER); } -?> -- cgit v1.2.3-65-gdbad