SQL query Bug at mobile-skin

Posted: Mon Apr 28, 2014 12:37 pm
by keule
Hi,

I found this bug at

/usr/share/zoneminder/skins/mobile/views/watch.php:27

The query is not OK (false double quotes) with the following request.

< snip >

curl -v "yourURL/zm/index.php?skin=mobile&view=watch&mid=1&username=test&password=test&action=login"

SQL-ERR dbFetchOne no result, statement was 'select C.*, M.* from Monitors as M left join Controls as C on (M.ControlId = C.Id ) where M.Id = ''1'''

< snap >


I removed the double quotes from the SQL query in "watch.php:27", changing it to this line:


$sql = "select C.*, M.* from Monitors as M left join Controls as C on (M.ControlId = C.Id ) where M.Id = ".dbEscape($_REQUEST['mid'])."";


Now everything is fine and my mobile app ("ZmView") is running.


Thanks,
keule
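
Added example, not part of the original post and not ZoneMinder's code: a small PHP reproduction of the doubled quoting seen in the error above, next to the single-quoted form and a bound-parameter form. It assumes dbEscape() returns an already-quoted literal (as PDO::quote() does); quotingEscape(), tryQuery() and the in-memory SQLite tables are hypothetical stand-ins.

```php
<?php
// Constructed in-memory stand-in for the two tables named in the query.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Controls (Id INTEGER PRIMARY KEY, Protocol TEXT)');
$db->exec('CREATE TABLE Monitors (Id INTEGER PRIMARY KEY, Name TEXT, ControlId INTEGER)');
$db->exec("INSERT INTO Monitors (Id, Name, ControlId) VALUES (1, 'Front door', NULL)");

// Hypothetical stand-in for dbEscape(). ASSUMPTION: the helper returns the
// value already wrapped in single quotes, as PDO::quote() does.
function quotingEscape(PDO $db, string $value): string
{
    return $db->quote($value);
}

// Run a statement and report the monitor name, "no result", or the driver error.
function tryQuery(PDO $db, string $sql, array $params = []): string
{
    try {
        $stmt = $db->prepare($sql);
        $stmt->execute($params);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row ? 'row: ' . $row['Name'] : 'no result';
    } catch (PDOException $e) {
        return 'error: ' . $e->getMessage();
    }
}

$mid  = '1'; // constructed request value, matching mid=1 in the curl request
$base = 'select C.*, M.* from Monitors as M left join Controls as C'
      . ' on (M.ControlId = C.Id) where M.Id = ';

// Before: quotes written in the SQL text plus the quotes the helper adds.
$doubled = $base . "'" . quotingEscape($db, $mid) . "'";
// After: only the helper's quotes remain.
$single = $base . quotingEscape($db, $mid);

echo $doubled, "\n  -> ", tryQuery($db, $doubled), "\n";
echo $single, "\n  -> ", tryQuery($db, $single), "\n";

// Bound parameter: the value never becomes part of the SQL text, so there is
// no quoting to get wrong in either direction.
echo $base, "?\n  -> ", tryQuery($db, $base . '?', [$mid]), "\n";
```

The unquoted concatenation is only safe while the helper really does add the quotes; if it escaped without quoting, the same line would place request data directly into the statement, which is why the bound form is the more robust of the three.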

Re: SQL query Bug at mobile-skin

Posted: Wed Apr 30, 2014 9:24 pm
by keule
This is fixed in Git commit ID: b3226223f86c7f1cf2c0b2747f6d75fda02a9006


Thanks.