From 55e35631911c3362658a08b36a43ecb56c36a13e Mon Sep 17 00:00:00 2001 From: Alexey Melnichuk Date: Tue, 25 Aug 2015 16:49:56 +0400 Subject: [PATCH] Fix. Escape hostname string. --- app/sip_status/sip_status.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/sip_status/sip_status.php b/app/sip_status/sip_status.php index abb921be11..1ad33c4e78 100644 --- a/app/sip_status/sip_status.php +++ b/app/sip_status/sip_status.php @@ -108,7 +108,7 @@ if ($_GET['a'] == "download") { $sql = "select sip_profile_name from v_sip_profiles "; $sql .= "where sip_profile_enabled = 'true' "; if ($hostname) { - $sql .= "and (sip_profile_hostname = '" . $hostname . "' "; + $sql .= "and (sip_profile_hostname = '" . check_str($hostname) . "' "; $sql .= "or sip_profile_hostname = '' "; $sql .= "or sip_profile_hostname is null ) "; }