From: Glenn H. <thr...@us...> - 2006-04-06 00:28:58
|
Update of /cvsroot/mantisbt/mantisbt In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv11107 Modified Files: Tag: BRANCH_1_0_0 view_all_set.php Log Message: fix for #0006902: XSS in mantis bug track system .... Index: view_all_set.php =================================================================== RCS file: /cvsroot/mantisbt/mantisbt/view_all_set.php,v retrieving revision 1.57.4.1.2.1 retrieving revision 1.57.4.1.2.1.4.1 diff -u -d -r1.57.4.1.2.1 -r1.57.4.1.2.1.4.1 --- view_all_set.php 18 Dec 2005 14:22:02 -0000 1.57.4.1.2.1 +++ view_all_set.php 6 Apr 2006 00:28:52 -0000 1.57.4.1.2.1.4.1 @@ -152,12 +152,12 @@ $f_dir_1 = gpc_get_string( 'dir_1', '' ); # date values - $f_start_month = gpc_get_string( 'start_month', date( 'm' ) ); - $f_end_month = gpc_get_string( 'end_month', date( 'm' ) ); - $f_start_day = gpc_get_string( 'start_day', 1 ); - $f_end_day = gpc_get_string( 'end_day', date( 'd' ) ); - $f_start_year = gpc_get_string( 'start_year', date( 'Y' ) ); - $f_end_year = gpc_get_string( 'end_year', date( 'Y' ) ); + $f_start_month = gpc_get_int( 'start_month', date( 'm' ) ); + $f_end_month = gpc_get_int( 'end_month', date( 'm' ) ); + $f_start_day = gpc_get_int( 'start_day', 1 ); + $f_end_day = gpc_get_int( 'end_day', date( 'd' ) ); + $f_start_year = gpc_get_int( 'start_year', date( 'Y' ) ); + $f_end_year = gpc_get_int( 'end_year', date( 'Y' ) ); $f_search = gpc_get_string( 'search', '' ); $f_and_not_assigned = gpc_get_bool( 'and_not_assigned' ); $f_do_filter_by_date = gpc_get_bool( 'do_filter_by_date' ); |