Improved sql queries in VM module.

dce3bb51 · Till Brehm · 35509d56 · dce3bb51 · dce3bb51 · dce3bb51
Commit dce3bb51 authored 11 years ago by Till Brehm
--- a/interface/web/vm/openvz_action.php
+++ b/interface/web/vm/openvz_action.php
@@ -18,8 +18,8 @@ $notify_msg = '';
 if($vm_id == 0) die('Invalid VM ID');
 $vm = $app->db->queryOneRecord("SELECT server_id, veid FROM openvz_vm WHERE vm_id = $vm_id");
-$veid = $vm['veid'];
+$veid = $app->functions->intval($vm['veid']);
-$server_id = $vm['server_id'];
+$server_id = $app->functions->intval($vm['server_id']);
 //* Loading classes
 $app->uses('tpl');

--- a/interface/web/vm/openvz_template_edit.php
+++ b/interface/web/vm/openvz_template_edit.php
@@ -54,8 +54,8 @@ class page_action extends tform_actions {
 	function onAfterInsert() {
 		global $app, $conf;
-		$guar_ram = $this->dataRecord['ram']*256;
+		$guar_ram = $app->functions->intval($this->dataRecord['ram']*256);
-		$burst_ram = $this->dataRecord['ram_burst']*256;
+		$burst_ram = $app->functions->intval($this->dataRecord['ram_burst']*256);
 		$sql = "UPDATE openvz_template SET shmpages = '$guar_ram:$guar_ram',vmguarpages = '$guar_ram:$guar_ram', oomguarpages = '$guar_ram:$guar_ram',privvmpages = '$burst_ram:$burst_ram' WHERE template_id = $this->id";
 		$app->db->query($sql);
 	}
@@ -63,8 +63,8 @@ class page_action extends tform_actions {
 	function onAfterUpdate() {
 		global $app, $conf;
-		$guar_ram = $this->dataRecord['ram']*256;
+		$guar_ram = $app->functions->intval($this->dataRecord['ram']*256);
-		$burst_ram = $this->dataRecord['ram_burst']*256;
+		$burst_ram = $app->functions->intval($this->dataRecord['ram_burst']*256);
 		$sql = "UPDATE openvz_template SET shmpages = '$guar_ram:$guar_ram',vmguarpages = '$guar_ram:$guar_ram', oomguarpages = '$guar_ram:$guar_ram',privvmpages = '$burst_ram:$burst_ram' WHERE template_id = $this->id";
 		$app->db->query($sql);
 	}

--- a/interface/web/vm/openvz_vm_edit.php
+++ b/interface/web/vm/openvz_vm_edit.php
@@ -73,14 +73,14 @@ class page_action extends tform_actions {
 		if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
 			//* Get the limits of the client
-			$client_group_id = $_SESSION["s"]["user"]["default_group"];
+			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
 			$client = $app->db->queryOneRecord("SELECT client.client_id, client.contact_name, client.limit_openvz_vm_template_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
 			//* Fill the template_id field
 			if($client['limit_openvz_vm_template_id'] == 0) {
 				$sql = 'SELECT template_id,template_name FROM openvz_template WHERE 1 ORDER BY template_name';
 			} else {
-				$sql = 'SELECT template_id,template_name FROM openvz_template WHERE template_id = '.$client['limit_openvz_vm_template_id'].' ORDER BY template_name';
+				$sql = 'SELECT template_id,template_name FROM openvz_template WHERE template_id = '.$app->functions->intval($client['limit_openvz_vm_template_id']).' ORDER BY template_name';
 			}
 			$records = $app->db->queryAllRecords($sql);
 			if(is_array($records)) {
@@ -100,9 +100,9 @@ class page_action extends tform_actions {
 			//* Fill the client select field
-			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$client['client_id']." ORDER BY sys_group.name";
+			$sql = "SELECT sys_group.groupid, sys_group.name, CONCAT(IF(client.company_name != '', CONCAT(client.company_name, ' :: '), ''), client.contact_name, ' (', client.username, IF(client.customer_no != '', CONCAT(', ', client.customer_no), ''), ')') as contactname FROM sys_group, client WHERE sys_group.client_id = client.client_id AND client.parent_client_id = ".$app->functions->intval($client['client_id'])." ORDER BY sys_group.name";
 			$records = $app->db->queryAllRecords($sql);
-			$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$client['client_id']);
+			$tmp = $app->db->queryOneRecord("SELECT groupid FROM sys_group WHERE client_id = ".$app->functions->intval($client['client_id']));
 			$client_select = '<option value="'.$tmp['groupid'].'">'.$client['contactname'].'</option>';
 			//$tmp_data_record = $app->tform->getDataRecord($this->id);
 			if(is_array($records)) {
@@ -117,7 +117,7 @@ class page_action extends tform_actions {
 			if($client['limit_openvz_vm_template_id'] == 0) {
 				$sql = 'SELECT template_id,template_name FROM openvz_template WHERE 1 ORDER BY template_name';
 			} else {
-				$sql = 'SELECT template_id,template_name FROM openvz_template WHERE template_id = '.$client['limit_openvz_vm_template_id'].' ORDER BY template_name';
+				$sql = 'SELECT template_id,template_name FROM openvz_template WHERE template_id = '.$app->functions->intval($client['limit_openvz_vm_template_id']).' ORDER BY template_name';
 			}
 			$records = $app->db->queryAllRecords($sql);
 			if(is_array($records)) {
@@ -164,7 +164,7 @@ class page_action extends tform_actions {
 			$vm_server_id = $app->functions->intval($this->dataRecord["server_id"]);
 		} else {
 			$tmp = $app->db->queryOneRecord('SELECT server_id FROM server WHERE vserver_server = 1 AND mirror_server_id = 0 ORDER BY server_name LIMIT 0,1');
-			$vm_server_id = $tmp['server_id'];
+			$vm_server_id = $app->functions->intval($tmp['server_id']);
 		}
 		$sql = "SELECT ip_address FROM openvz_ip WHERE reserved = 'n' AND (vm_id = 0 or vm_id = '".$this->id."') AND server_id = ".$app->functions->intval($vm_server_id)." ORDER BY ip_address";
 		$ips = $app->db->queryAllRecords($sql);