mirror/zoneminder
1
0
Fork 0
mirror of https://github.com/ZoneMinder/zoneminder.git synced 2026-05-18 19:46:12 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix: validate eventId in getNearEvents() in ajax/status.php

Browse Source 
Apply validCardinal() to $_REQUEST['id'], consistent with the
validation now used in getNearFrame() and getFrameImage().

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Isaac Connor
2026-02-06 16:52:26 -05:00
parent 24a2126def
commit 191130dcf3
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
web/ajax/status.php
View File

@@ -525,7 +525,7 @@ function getNearFrame() {
function getNearEvents() {
global $user, $sortColumn, $sortOrder;
$eventId = $_REQUEST['id'];
$eventId = validCardinal($_REQUEST['id']);
$NearEvents = array('EventId'=>$eventId);
$event = dbFetchOne('SELECT * FROM Events WHERE Id=?', NULL, array($eventId));