SQL query Bug at mobile-skin

Forum for questions and support relating to the 1.27.x releases only.
keule
Posts: 19
Joined: Fri Mar 28, 2014 10:00 pm

SQL query Bug at mobile-skin

Post by keule »

Hi,

I found this bug at

/usr/share/zoneminder/skins/mobile/views/watch.php:27

The query is not OK (false double quotes) with the following request.

< snip >

curl -v "yourURL/zm/index.php?skin=mobile&view=watch&mid=1&username=test&password=test&action=login"

SQL-ERR dbFetchOne no result, statement was 'select C.*, M.* from Monitors as M left join Controls as C on (M.ControlId = C.Id ) where M.Id = ''1'''

< snap >


I removed the double quotes for the SQL query in "watch.php:27", to this line:


$sql = "select C.*, M.* from Monitors as M left join Controls as C on (M.ControlId = C.Id ) where M.Id = ".dbEscape($_REQUEST['mid'])."";


and now everything is fine and my mobile app ("ZmView") is running.


thanks,
keule
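
Added example, not part of keule's post or of ZoneMinder's code: a PHP sketch of how the statement in the error message ends up as `''1''`, assuming `dbEscape()` adds its own surrounding quotes the way `PDO::quote()` does. It runs against an in-memory SQLite database with constructed tables; `fetchOne()` and `monitorById()` are hypothetical helpers, and the last variant goes one step further than the post by binding the id as a validated integer.

```php
<?php
// Added example; tables and rows are constructed. Needs the pdo_sqlite extension.
// Assumption: the escape helper adds surrounding quotes, as PDO::quote() does.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("create table Controls (Id integer primary key, Name text)");
$pdo->exec("create table Monitors (Id integer primary key, Name text, ControlId integer)");
$pdo->exec("insert into Controls values (1, 'PTZ')");
$pdo->exec("insert into Monitors values (1, 'Front door', 1)");

const BASE = "select C.*, M.* from Monitors as M left join Controls as C"
    . " on (M.ControlId = C.Id) where M.Id = ";

// Hypothetical helper: first row of a statement, or the driver's error text.
function fetchOne(PDO $pdo, string $sql) {
    try {
        return $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        return 'SQL error: ' . $e->getMessage();
    }
}

// Hypothetical helper: validate the id as a positive integer, then bind it.
function monitorById(PDO $pdo, $mid) {
    $id = filter_var($mid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject anything that is not a plain positive integer
    }
    $stmt = $pdo->prepare(BASE . "?");
    $stmt->bindValue(1, $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

$mid = '1'; // stands in for $_REQUEST['mid']

// Literal quotes in the SQL text plus the quotes quote() adds: M.Id = ''1''
var_dump(fetchOne($pdo, BASE . "'" . $pdo->quote($mid) . "'"));
// quote() alone yields a single, correctly quoted literal: M.Id = '1'
var_dump(fetchOne($pdo, BASE . $pdo->quote($mid)));
// Bound integer parameter: no quoting decisions left in the SQL text
var_dump(monitorById($pdo, $mid));
// Constructed non-integer input is rejected before it reaches the database
var_dump(monitorById($pdo, '1x'));
```
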
keule
Posts: 19
Joined: Fri Mar 28, 2014 10:00 pm

Re: SQL query Bug at mobile-skin

Post by keule »

is fixed in Git-CommitID: b3226223f86c7f1cf2c0b2747f6d75fda02a9006


thanks.