Hardening

2025-08-20 19:24:03 +02:00
parent 41200633cb
commit 010b23b0e5
19 changed files with 1358 additions and 59 deletions
--- a/api/v1/.DS_Store
+++ b/api/v1/.DS_Store
--- a/api/v1/get/application.php
+++ b/api/v1/get/application.php
@@ -188,7 +188,8 @@ switch ($action) {
    break;

    case 'report_usage_servicereports':
-        $sql = 'SELECT YEAR(h.created) AS year, QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM equipment_history h LEFT JOIN equipment e ON h.equipmentid = e.rowID where h.type = "ServiceReport" AND NOT e.productrowid = "31" GROUP BY YEAR(h.created), QUARTER(h.created), MONTH(h.created)';
+        $exclusion = ' AND NOT e.serialnumber = "22050695" AND NOT e.serialnumber = "22020439" AND NOT e.serialnumber = "23060550" AND NOT e.serialnumber = "22020444" ';
+        $sql = 'SELECT YEAR(h.created) AS year, QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM equipment_history h LEFT JOIN equipment e ON h.equipmentid = e.rowID where h.type = "ServiceReport" AND NOT e.productrowid = "31" '.$exclusion.' GROUP BY YEAR(h.created), QUARTER(h.created), MONTH(h.created)';
    break;

    case 'contract_usage_servicereports':
--- a/api/v1/get/history.php
+++ b/api/v1/get/history.php
@@ -68,7 +68,7 @@ if(isset($get_content) && $get_content!=''){
            //Filter out only relevant servicereports
            $filter_key_1 = '"%serialnumber%"';
            $filter_key_2 = '"ServiceReport"';
-            $clause .= ' AND h.type = '.$filter_key_2.' AND h.description like '.$filter_key_1; 
+            $clause .= ' AND h.type = '.$filter_key_2.' AND e.productrowid = "31" AND h.description like '.$filter_key_1; 
        }
        else {//create clause
        $clause .= ' AND '.$v[0].' = :'.$v[0];