diff --git a/app/access_controls/access_control_nodes.php b/app/access_controls/access_control_nodes.php
index b78e14e4ba..06d1720d3c 100644
--- a/app/access_controls/access_control_nodes.php
+++ b/app/access_controls/access_control_nodes.php
@@ -56,7 +56,7 @@
//prepare to page the results
$sql = "select count(*) as num_rows from v_access_control_nodes ";
- $sql .= "where access_control_uuid = '$access_control_uuid' ";
+ $sql .= "where access_control_uuid = '".$access_control_uuid."' ";
if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; }
$prep_statement = $db->prepare($sql);
if ($prep_statement) {
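Review bot: The rewritten `where` line in the count query still concatenates `$access_control_uuid` into the SQL text, so `$db->prepare()` receives a finished string and gives no injection protection; only the quoting style changed. Assuming `$db` is a PDO handle, use a placeholder, `$sql .= "where access_control_uuid = :access_control_uuid ";`, and call `$prep_statement->bindValue(':access_control_uuid', $access_control_uuid);` before executing. The list query in the next hunk has the same line and needs the same change. There `$order_by` and `$order` cannot be bound and should be checked against an allow-list of column names and `asc`/`desc`, and `$rows_per_page` and `$offset` should be cast to int. Where these variables are assigned and what `check_sql()` does are outside the hunks, so any upstream validation should be confirmed rather than assumed.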
@@ -80,7 +80,7 @@
//get the list
$sql = "select * from v_access_control_nodes ";
- $sql .= "where access_control_uuid = '$access_control_uuid' ";
+ $sql .= "where access_control_uuid = '".$access_control_uuid."' ";
if (strlen($order_by)> 0) { $sql .= "order by $order_by $order "; }
$sql .= "limit $rows_per_page offset $offset ";
$prep_statement = $db->prepare(check_sql($sql));
@@ -101,7 +101,7 @@
echo th_order_by('node_description', $text['label-node_description'], $order_by, $order);
echo "
";
if (permission_exists('access_control_node_add')) {
- echo "$v_link_label_add";
+ echo "$v_link_label_add";
}
else {
echo " \n";
@@ -109,22 +109,22 @@
echo " | \n";
echo "\n";
- if ($result_count > 0) {
- foreach($result as $row) {
+ if (is_array($access_control_nodes)) {
+ foreach($access_control_nodes as $row) {
if (permission_exists('access_control_node_edit')) {
- $tr_link = "href='access_control_node_edit.php?access_control_uuid=".$row['access_control_uuid']."&id=".$row['access_control_node_uuid']."'";
+ $tr_link = "href='access_control_node_edit.php?access_control_uuid=".escape($row['access_control_uuid'])."&id=".escape($row['access_control_node_uuid'])."'";
}
echo "
\n";
- echo " | ".$row['node_type']." | \n";
- echo " ".$row['node_cidr']." | \n";
- echo " ".$row['node_domain']." | \n";
- echo " ".$row['node_description']." | \n";
+ echo " ".escape($row['node_type'])." | \n";
+ echo " ".escape($row['node_cidr'])." | \n";
+ echo " ".escape($row['node_domain'])." | \n";
+ echo " ".escape($row['node_description'])." | \n";
echo " ";
if (permission_exists('access_control_node_edit')) {
- echo "$v_link_label_edit";
+ echo "$v_link_label_edit";
}
if (permission_exists('access_control_node_delete')) {
- echo "$v_link_label_delete";
+ echo "$v_link_label_delete";
}
echo " | \n";
echo "
\n";
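Review bot: In the `$tr_link` assignment the two row values go into a URL query string, and `escape()` (not defined in this hunk, presumably an HTML encoder) does not percent-encode them. URL-encode each value first, e.g. `"access_control_node_edit.php?access_control_uuid=".urlencode($row['access_control_uuid'])."&id=".urlencode($row['access_control_node_uuid'])`, and pass the assembled URL through `escape()` once when it is written into the `href` attribute. Both values are expected to be UUIDs, so a format check at load time would make this moot, but the hunk does not show one. `$tr_link` is only assigned inside the `access_control_node_edit` permission check; if the row markup (stripped in this view) uses it unconditionally, initialise it with `$tr_link = '';` at the top of the loop body. The `foreach` body continues past the end of the hunk.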