Index: /branches/rel_ag_9_4_5/aproxy/apps/webapp/mdm/common.php
===================================================================
--- /branches/rel_ag_9_4_5/aproxy/apps/webapp/mdm/common.php	(revision 20314)
+++ /branches/rel_ag_9_4_5/aproxy/apps/webapp/mdm/common.php	(working copy)
@@ -497,8 +497,16 @@
 	if (array_search($command_type, $need_check_command_type_list) === FALSE) {
 		return FALSE;
 	}
-	$sql = "SELECT id FROM mp_mdm_task WHERE task_type = '$command_type' AND id IN (SELECT task_id FROM mp_mdm_ios_command WHERE status = 3 AND device_ios_id = $device_ios_id)";
-	$res = QueryAndFetchAll("mp_device", $sql);
+	# JasonChou CVE-2023-51707
+	#$sql = "SELECT id FROM mp_mdm_task WHERE task_type = '$command_type' AND id IN (SELECT task_id FROM mp_mdm_ios_command WHERE status = 3 AND device_ios_id = $device_ios_id)";
+	#$res = QueryAndFetchAll("mp_device", $sql);
+	#$res = QueryAndFetchAll("mp_device");
+	$key_value = array(
+		"task_type" => $command_type,
+		"device_ios_id" => $device_ios_id
+	);
+	$sql = "SELECT id FROM mp_mdm_task WHERE task_type = :task_type AND id IN (SELECT task_id FROM mp_mdm_ios_command WHERE status = 3 AND device_ios_id = :device_ios_id)";
+	$res = QueryAndFetchAll("mp_device", $sql, $key_value);
 	return empty($res) ? FALSE : TRUE; 
 }
 
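Review bot: The three `#` lines added above `$key_value` keep the pre-fix interpolated query as a comment (and a variant, `#$res = QueryAndFetchAll("mp_device");`, that was never the shipped code); revision history already records the old query, and leaving a string-built SQL line in the file invites it being uncommented later. The same commented-out originals are left in the device.php, policy.php and task.php hunks. Keep a one-line pointer such as `# Bound parameters instead of string interpolation (CVE-2023-51707)` and drop the rest. Whether `QueryAndFetchAll` binds its third argument through a prepared statement rather than interpolating the values itself is not visible here and is worth confirming, since the fix depends on it. The enclosing function starts before this hunk.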
Index: /branches/rel_ag_9_4_5/aproxy/apps/webapp/mdm/config.php
===================================================================
--- /branches/rel_ag_9_4_5/aproxy/apps/webapp/mdm/config.php	(revision 20314)
+++ /branches/rel_ag_9_4_5/aproxy/apps/webapp/mdm/config.php	(working copy)
@@ -1,10 +1,16 @@
 <?PHP
+require_once("../motionpro/aproxy_cli.php");
 
 if (array_key_exists('site_name', $_REQUEST))
     $db_name = $_REQUEST['site_name'];
 else if (array_key_exists('site_name', $_COOKIE))
     $db_name = $_COOKIE['site_name'];
 
+if(!check_sitename($db_name)) {
+    error_log("site_name is invalid!");
+    exit("site_name is invalid!");
+}
+
 if (empty($db_name)) {
     header("HTTP/1.1 400 Bad Request");
     echo "site name is NULL in request";
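Review bot: `check_sitename($db_name)` runs before the `empty($db_name)` check, so when neither `$_REQUEST` nor `$_COOKIE` carries site_name, `$db_name` is undefined at that point and the request presumably exits with "site_name is invalid!" (plus an undefined-variable warning) instead of the 400 response the following block was written to produce. Move the new block below the `empty($db_name)` block, or initialise `$db_name = null;` before the lookup so the empty case is handled first. The invalid case also sends no status; add `header("HTTP/1.1 400 Bad Request");` before the `exit(...)` so both validation failures are reported the same way.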
Index: /branches/rel_ag_9_4_5/aproxy/apps/webapp/mdm/device.php
===================================================================
--- /branches/rel_ag_9_4_5/aproxy/apps/webapp/mdm/device.php	(revision 20314)
+++ /branches/rel_ag_9_4_5/aproxy/apps/webapp/mdm/device.php	(working copy)
@@ -13,7 +13,12 @@
 if ($method == "GET") {
 	$columns = "device_id,device_name,username,group_name,type,status";
 	if (!empty($devID)) {
-		$res = QueryAndFetchAll("mp_device", "SELECT $columns FROM mp_device WHERE device_id = '$devID'");
+		# JasonChou CVE-2023-51707
+		#$res = QueryAndFetchAll("mp_device", "SELECT $columns FROM mp_device WHERE device_id = '$devID'");
+		$key_value = array(
+			"device_id" => $devID
+		)
+		$res = QueryAndFetchAll("mp_device", "SELECT $columns FROM mp_device WHERE device_id = :device_id", $key_value);
 		if (!empty($res)) {
 			$res = $res[0];
 		} else {
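Review bot: The added `$key_value = array(...)` ends with a bare `)` and no semicolon, so the following `$res = QueryAndFetchAll(...)` is a parse error and the whole file fails to load; the closing line should be `);`. The same missing `;` is in the second device.php hunk (both `$key_value` arrays), the policy.php hunk and both task.php hunks, whereas the common.php hunk has it right. Because a parse error takes down every endpoint in the file rather than just this branch, a `php -l` lint of the changed files before commit would have caught it.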
@@ -21,11 +26,22 @@
 		}
 	} elseif (array_key_exists("user", $_GET)) {
 		$user_name = $_GET["user"];
-		$res = QueryAndFetchAll("mp_device", "SELECT $columns FROM mp_device WHERE username = '$user_name'");
+		# JasonChou CVE-2023-51707
+		#$res = QueryAndFetchAll("mp_device", "SELECT $columns FROM mp_device WHERE username = '$user_name'");
+		$key_value = array(
+			"username" => $user_name
+		)
+		$res = QueryAndFetchAll("mp_device", "SELECT $columns FROM mp_device WHERE username = :username", $key_value);
 	} elseif (array_key_exists("group", $_GET)) {
 		$group_name = $_GET["group"];
-		$sql = "SELECT $columns FROM mp_device WHERE username IN (SELECT user_name FROM tbl_member WHERE grp_name IN ('$group_name'))";
-		$res = QueryAndFetchAll("mp_device", $sql);
+		# JasonChou CVE-2023-51707
+		#$sql = "SELECT $columns FROM mp_device WHERE username IN (SELECT user_name FROM tbl_member WHERE grp_name IN ('$group_name'))";
+		#$res = QueryAndFetchAll("mp_device", $sql);
+		$sql = "SELECT $columns FROM mp_device WHERE username IN (SELECT user_name FROM tbl_member WHERE grp_name IN (:grp_name))";
+		$key_value = array(
+			"grp_name" => $group_name
+		)
+		$res = QueryAndFetchAll("mp_device", $sql, $key_value);
 	} else {
 		$res = QueryAndFetchAll("mp_device", "SELECT $columns FROM mp_device");
 	}
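Review bot: `grp_name IN (:grp_name)` on the new `$sql` line binds exactly one value, so it is equivalent to `grp_name = :grp_name`; the `IN (...)` form suggests a list and may mislead a reader into passing a comma-separated string, which the bound parameter would match literally as one name. Write `grp_name = :grp_name`, or, if several groups are meant to be supported, build one placeholder per value and bind each. The `$columns` list interpolated into every query in this hunk is a fixed string defined above, so it is not affected by the fix.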
Index: /branches/rel_ag_9_4_5/aproxy/apps/webapp/mdm/policy.php
===================================================================
--- /branches/rel_ag_9_4_5/aproxy/apps/webapp/mdm/policy.php	(revision 20314)
+++ /branches/rel_ag_9_4_5/aproxy/apps/webapp/mdm/policy.php	(working copy)
@@ -154,9 +154,17 @@
         return FUNCTION_ERROR;
     }
 
+    # JasonChou CVE-2023-51707
+    // $result = QueryAndFetchAll("mp_device",
+    //     "SELECT username,group_name FROM mp_device WHERE id IN
+    //     (SELECT mp_device_id FROM mp_device_ios WHERE udid='$udid')");
+    $key_value = array(
+        "udid" => $udid
+    )
     $result = QueryAndFetchAll("mp_device",
-        "SELECT username,group_name FROM mp_device WHERE id IN
-        (SELECT mp_device_id FROM mp_device_ios WHERE udid='$udid')");
+         "SELECT username,group_name FROM mp_device WHERE id IN
+         (SELECT mp_device_id FROM mp_device_ios WHERE udid=:udid)", $key_value);
+    
     if (empty($result)) {
         LogMsgError(basename(__FILE__) . ": No user and group registered for device.");
         return FUNCTION_ERROR;
Index: /branches/rel_ag_9_4_5/aproxy/apps/webapp/mdm/task.php
===================================================================
--- /branches/rel_ag_9_4_5/aproxy/apps/webapp/mdm/task.php	(revision 20314)
+++ /branches/rel_ag_9_4_5/aproxy/apps/webapp/mdm/task.php	(working copy)
@@ -22,7 +22,12 @@
 
 if ($method == "GET"){
 	if (!empty($task_name)) {
-		$tasks = QueryAndFetchAll("mp_mdm_task", "SELECT * FROM mp_mdm_task WHERE task_name = '$task_name'");
+		# JasonChou CVE-2023-51707
+		#$tasks = QueryAndFetchAll("mp_mdm_task", "SELECT * FROM mp_mdm_task WHERE task_name = '$task_name'");
+		$key_value = array(
+			"task_name" => $task_name
+		)
+		$tasks = QueryAndFetchAll("mp_mdm_task", "SELECT * FROM mp_mdm_task WHERE task_name = :task_name", $key_value);
 		if(!empty($tasks)) {
 			$tasks = $tasks[0];
 			add_commands_to_task($tasks);
@@ -31,9 +36,16 @@
 		}
 	} elseif (array_key_exists("devid", $_GET)) {
 		$dev_id = $_GET["devid"];
+		# JasonChou CVE-2023-51707
+		// $sql = "SELECT task_id,status,error FROM mp_mdm_ios_command WHERE device_ios_id IN
+		// 		(SELECT id FROM mp_device_ios WHERE mp_device_id IN (SELECT id FROM mp_device WHERE device_id = '$dev_id'))";
+		// $commands = QueryAndFetchAll("mp_mdm_ios_command", $sql);
 		$sql = "SELECT task_id,status,error FROM mp_mdm_ios_command WHERE device_ios_id IN
-				(SELECT id FROM mp_device_ios WHERE mp_device_id IN (SELECT id FROM mp_device WHERE device_id = '$dev_id'))";
-		$commands = QueryAndFetchAll("mp_mdm_ios_command", $sql);
+		 		(SELECT id FROM mp_device_ios WHERE mp_device_id IN (SELECT id FROM mp_device WHERE device_id = :device_id))";
+		$key_value = array(
+			"device_id" => $dev_id
+		)
+		$commands = QueryAndFetchAll("mp_mdm_ios_command", $sql, $key_value);
 		foreach ($commands as $command) {
 			$res = FindInDatabase("mp_mdm_task", "id", $command["task_id"]);
 			if (!empty($res) && strncmp($res["task_name"], '__inner_', 8) != 0) {
Index: /branches/rel_ag_9_4_5/aproxy/apps/webapp/motionpro/mp_portal_config.php
===================================================================
--- /branches/rel_ag_9_4_5/aproxy/apps/webapp/motionpro/mp_portal_config.php	(revision 20314)
+++ /branches/rel_ag_9_4_5/aproxy/apps/webapp/motionpro/mp_portal_config.php	(working copy)
@@ -5,6 +5,10 @@
 			error_log("site_name is null!");
 			return;
 		}
+		if(!check_sitename($vsite)) {
+			error_log("site_name is invalid!");
+			exit("site_name is invalid!");
+		}
 		$cmd = 'show motionpro portal tabpage';
 		$mycli = new cli();
 		$tabpage_str_to_int = ["display"=>0,"not_display"=>1];
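Review bot: The new block calls `exit()` from inside a function whose null check three lines above `return`s, so an invalid cookie now terminates the whole response while a missing one returns to the caller; use `return;` after the `error_log` for consistency, or, if a hard stop is intended, make the null branch match. `check_sitename` is presumably provided by `aproxy_cli.php`, which the other files in this change `require_once` but which is not visible in this hunk — worth confirming it is loaded before this function runs. The enclosing function starts and ends outside the hunk.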
Index: /branches/rel_ag_9_4_5/aproxy/apps/webapp/motionpro/postlogin_app.php
===================================================================
--- /branches/rel_ag_9_4_5/aproxy/apps/webapp/motionpro/postlogin_app.php	(revision 20314)
+++ /branches/rel_ag_9_4_5/aproxy/apps/webapp/motionpro/postlogin_app.php	(working copy)
@@ -1,11 +1,16 @@
 <?php
 include_once "mp_db.php";
 include_once "mp_portal_config.php";
+require_once "aproxy_cli.php";
 $sitename = $_COOKIE["site_name"];
 if(!$sitename){
 	error_log("site_name is null!");
 	exit("site_name is null!");
 }
+if(!check_sitename($sitename)) {
+    error_log("site_name is invalid!");
+    exit("site_name is invalid!");
+}
 $dbname = "auth_" . $sitename;
 $db_conn = new MP\DB\MP_db($dbname);
 $host = new MP\DB\Host('Host');
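Review bot: The added block is indented with four spaces while the surrounding file uses tabs (the `error_log`/`exit` lines directly above it); match the file's tabs. This four-line `check_sitename` guard now appears nearly verbatim in config.php, mp_portal_config.php, postlogin_app.php, postlogin_cv.php and runcli_getipsec.php, differing only in whether it returns, exits or sets a status; a single helper beside `check_sitename` in aproxy_cli.php that logs, sends the 400 header and exits would keep the behaviour identical across entry points. The same indentation mismatch is in the postlogin_cv.php hunk.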
Index: /branches/rel_ag_9_4_5/aproxy/apps/webapp/motionpro/postlogin_cv.php
===================================================================
--- /branches/rel_ag_9_4_5/aproxy/apps/webapp/motionpro/postlogin_cv.php	(revision 20314)
+++ /branches/rel_ag_9_4_5/aproxy/apps/webapp/motionpro/postlogin_cv.php	(working copy)
@@ -1,11 +1,15 @@
 <?php
 include_once "mp_db.php";
-
+require_once "aproxy_cli.php";
 $sitename = $_COOKIE["site_name"];
 if(!$sitename){
 	error_log("site_name is null!");
 	exit("site_name is null!");
 }
+if(!check_sitename($sitename)) {
+    error_log("site_name is invalid!");
+    exit("site_name is invalid!");
+}
 $dbname = "auth_" . $sitename;
 $user_name = $_COOKIE["user_name"];
 if(!$user_name){
Index: /branches/rel_ag_9_4_5/aproxy/apps/webapp/motionpro/runcli_getipsec.php
===================================================================
--- /branches/rel_ag_9_4_5/aproxy/apps/webapp/motionpro/runcli_getipsec.php	(revision 20314)
+++ /branches/rel_ag_9_4_5/aproxy/apps/webapp/motionpro/runcli_getipsec.php	(working copy)
@@ -6,6 +6,10 @@
 		error_log("site_name is null!");
 		exit("site_name is null!");
 	}
+	if(!check_sitename($_COOKIE["site_name"])) {
+		error_log("site_name is invalid!");
+		exit("site_name is invalid!");
+	}
 	if(!$_GET["username"] || !$_GET["deviceID"] || !$_GET["session_type"]){
 		header("HTTP/1.1 400 Bad Request");
 		exit;
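Review bot: The invalid-site_name `exit(...)` sends no HTTP status, so the client receives a 200 with an error body, while the parameter check directly below answers 400 Bad Request; add `header("HTTP/1.1 400 Bad Request");` before the `exit(...)` so the two validation failures are reported the same way. `$_COOKIE["site_name"]` is read a second time here after the null check; assigning it once to a local keeps both checks on the same value. The enclosing block starts before the hunk.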
