[svn r21095] Security improvements FS#4261

main/reservation/rsys.php

@@ -1594,6 +1594,14 @@ class Rsys {
 	 *  @return -   Array               The returned rows
 	 */
 	function get_table_subscriptions($from, $per_page, $column, $direction) {
+		
+		$from = intval($from);
+		$per_page = intval($per_page);
+		$column = intval($column);		
+		if(!in_array($direction, array('ASC','DESC'))) {
+			$direction = 'ASC';
+		}
+		
 		$sql = "SELECT CONCAT(s.reservation_id,'-',s.dummy) AS col0, i.name AS col1, DATE_FORMAT(s.start_at ,'%Y-%m-%d %H:%i')  AS col2, DATE_FORMAT(s.end_at ,'%Y-%m-%d %H:%i') AS col3, CONCAT(s.reservation_id,'-',s.dummy) AS col4, DATE_FORMAT(r.start_at ,'%Y-%m-%d %H:%i') , DATE_FORMAT(r.end_at ,'%Y-%m-%d %H:%i') , s.accepted,i.blackout
                 FROM ".Rsys :: getTable("subscription")." s 
                 INNER JOIN ".Rsys :: getTable("reservation")." r ON r.id = s.reservation_id