Commit c467cb2e authored by Leigh B. Stoller's avatar Leigh B. Stoller

Fix security bug.

parent c2570cfc
<?php <?php
# #
# EMULAB-COPYRIGHT # EMULAB-COPYRIGHT
# Copyright (c) 2000-2002 University of Utah and the Flux Group. # Copyright (c) 2000-2002, 2007 University of Utah and the Flux Group.
# All rights reserved. # All rights reserved.
# #
include("defs.php3"); include("defs.php3");
...@@ -18,7 +18,7 @@ if (!isset($nid) || ...@@ -18,7 +18,7 @@ if (!isset($nid) ||
echo "</form><P>\n"; echo "</form><P>\n";
exit; exit;
} }
$pid = addslashes($pid); $nid = addslashes($nid);
$query_result = DBQueryFatal("SELECT * from wires where node_id1='$nid'"); $query_result = DBQueryFatal("SELECT * from wires where node_id1='$nid'");
......
<?php <?php
# #
# EMULAB-COPYRIGHT # EMULAB-COPYRIGHT
# Copyright (c) 2000-2002 University of Utah and the Flux Group. # Copyright (c) 2000-2002, 2007 University of Utah and the Flux Group.
# All rights reserved. # All rights reserved.
# #
include("defs.php3"); include("defs.php3");
...@@ -18,7 +18,7 @@ if (!isset($nid) || ...@@ -18,7 +18,7 @@ if (!isset($nid) ||
echo "</form><P>\n"; echo "</form><P>\n";
exit; exit;
} }
$pid = addslashes($pid); $nid = addslashes($nid);
$query_result = DBQueryFatal("SELECT * from wires where node_id1='$nid'"); $query_result = DBQueryFatal("SELECT * from wires where node_id1='$nid'");
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment