MantisBT

Email Archive: mantisbt-cvs (read-only)

2002:	_Jan	_Feb	_Mar	_Apr	_May (80)	_Jun (166)	_Jul (27)	_Aug (346)	_Sep (166)	_Oct (83)	_Nov (40)	_Dec (117)
2003:	_Jan (134)	_Feb (424)	_Mar (128)	_Apr (52)	_May (11)	_Jun (8)	_Jul (46)	_Aug (75)	_Sep (14)	_Oct (8)	_Nov (4)	_Dec (5)
2004:	_Jan (21)	_Feb (204)	_Mar (105)	_Apr (65)	_May (158)	_Jun (85)	_Jul (244)	_Aug (236)	_Sep (163)	_Oct (101)	_Nov (73)	_Dec (121)
2005:	_Jan (84)	_Feb (123)	_Mar (72)	_Apr (122)	_May (110)	_Jun (80)	_Jul (138)	_Aug (71)	_Sep (42)	_Oct (24)	_Nov (14)	_Dec (54)
2006:	_Jan (45)	_Feb (32)	_Mar (28)	_Apr (96)	_May (63)	_Jun (2)	_Jul (15)	_Aug (33)	_Sep (86)	_Oct (31)	_Nov (21)	_Dec (47)
2007:	_Jan (2)	_Feb (31)	_Mar (98)	_Apr (48)	_May (60)	_Jun (30)	_Jul (161)	_Aug (77)	_Sep (67)	_Oct (139)	_Nov (113)	_Dec (45)
2008:	_Jan (88)	_Feb (125)	_Mar (83)	_Apr (68)	_May (87)	_Jun (77)	_Jul (92)	_Aug (57)	_Sep (81)	_Oct (136)	_Nov (85)	_Dec (92)
2009:	_Jan (47)	_Feb (23)	_Mar (41)	_Apr (54)	_May (46)	_Jun (97)	_Jul (133)	_Aug (36)	_Sep (65)	_Oct (126)	_Nov (70)	_Dec (89)
2010:	_Jan (80)	_Feb (77)	_Mar (40)	_Apr (66)	_May (55)	_Jun (15)	_Jul (10)	_Aug (67)	_Sep (49)	_Oct (28)	_Nov (21)	_Dec (57)
2011:	_Jan (26)	_Feb (59)	_Mar (25)	_Apr (34)	_May (8)	_Jun (14)	_Jul (81)	_Aug (20)	_Sep (59)	_Oct (23)	_Nov (17)	_Dec (78)
2012:	_Jan (46)	_Feb (29)	_Mar (50)	_Apr (36)	_May (39)	_Jun (66)	_Jul (12)	_Aug (50)	_Sep (47)	_Oct (40)	_Nov (42)	_Dec (26)
2013:	_Jan (39)	_Feb (30)	_Mar (26)	_Apr (64)	_May (43)	_Jun (8)	_Jul	_Aug	_Sep	_Oct	_Nov	_Dec

[mantisbt-cvs] mantisbt billing_inc.php,1.12,1.13

From: Paul Richards <prichards@us...> - 2007-07-26 21:59

Update of /cvsroot/mantisbt/mantisbt
In directory sc8-pr-cvs16.sourceforge.net:/tmp/cvs-serv9679

Modified Files:
	billing_inc.php 
Log Message:
0008202: Potential Cross-Site Scripting Flaws

Index: billing_inc.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/billing_inc.php,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -d -r1.12 -r1.13
--- billing_inc.php	11 Jul 2007 21:13:24 -0000	1.12
+++ billing_inc.php	26 Jul 2007 21:59:43 -0000	1.13
@@ -51,9 +51,9 @@
 	$t_bugnote_stats_from_def_m = $t_bugnote_stats_from_def_ar[1];
 	$t_bugnote_stats_from_def_y = $t_bugnote_stats_from_def_ar[2];
 
-	$t_bugnote_stats_from_d = gpc_get_string('start_day', $t_bugnote_stats_from_def_d);
-	$t_bugnote_stats_from_m = gpc_get_string('start_month', $t_bugnote_stats_from_def_m);
-	$t_bugnote_stats_from_y = gpc_get_string('start_year', $t_bugnote_stats_from_def_y);
+	$t_bugnote_stats_from_d = gpc_get_int('start_day', $t_bugnote_stats_from_def_d);
+	$t_bugnote_stats_from_m = gpc_get_int('start_month', $t_bugnote_stats_from_def_m);
+	$t_bugnote_stats_from_y = gpc_get_int('start_year', $t_bugnote_stats_from_def_y);
 
 	$t_bugnote_stats_to_def = $t_today;
 	$t_bugnote_stats_to_def_ar = explode ( ":", $t_bugnote_stats_to_def );
@@ -61,12 +61,12 @@
 	$t_bugnote_stats_to_def_m = $t_bugnote_stats_to_def_ar[1];
 	$t_bugnote_stats_to_def_y = $t_bugnote_stats_to_def_ar[2];
 
-	$t_bugnote_stats_to_d = gpc_get_string('end_day', $t_bugnote_stats_to_def_d);
-	$t_bugnote_stats_to_m = gpc_get_string('end_month', $t_bugnote_stats_to_def_m);
-	$t_bugnote_stats_to_y = gpc_get_string('end_year', $t_bugnote_stats_to_def_y);
+	$t_bugnote_stats_to_d = gpc_get_int('end_day', $t_bugnote_stats_to_def_d);
+	$t_bugnote_stats_to_m = gpc_get_int('end_month', $t_bugnote_stats_to_def_m);
+	$t_bugnote_stats_to_y = gpc_get_int('end_year', $t_bugnote_stats_to_def_y);
 
 	$f_get_bugnote_stats_button = gpc_get_string('get_bugnote_stats_button', '');
-	$f_bugnote_cost = gpc_get_string( 'bugnote_cost', '' );
+	$f_bugnote_cost = gpc_get_int( 'bugnote_cost', '' );
 	$f_project_id = helper_get_current_project();
 
 	if ( ON == config_get( 'time_tracking_with_billing' ) ) {