From: Benjamin C. <bc...@us...> - 2004-05-03 13:00:13
Update of /cvsroot/phpbt/phpbt
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv16697
Modified Files:
      Tag: htmltemplates
	bug.php
Log Message:
Added taint checking
Index: bug.php
===================================================================
RCS file: /cvsroot/phpbt/phpbt/bug.php,v
retrieving revision 1.134.2.2
retrieving revision 1.134.2.3
diff -u -r1.134.2.2 -r1.134.2.3
--- bug.php	1 Sep 2003 13:40:09 -0000	1.134.2.2
+++ bug.php	3 May 2004 12:59:59 -0000	1.134.2.3
@@ -89,8 +89,7 @@
         '<a href="'.CVS_WEB.'\\1#rev\\4" target="_new">\\1</a>\\5' // external link to cvs web interface
     );
-    return preg_replace($patterns, $replacements,
-        stripslashes($comments));
+    return preg_replace($patterns, $replacements, stripslashes($comments));
 }
 ///
@@ -522,7 +521,7 @@
 function show_form($bugid = 0, $error = '') {
     global $db, $t;
-    $projectname = $db->getOne("select project_name from ".TBL_PROJECT." where project_id = {$_GET['project']}");
+    $projectname = $db->getOne("select project_name from ".TBL_PROJECT." where project_id = '{$_GET['project']}'");
     if ($bugid && !$error) {
         $t->assign($db->getRow("select * from ".TBL_BUG." where bug_id = '$bugid'"));
     } else {
@@ -679,7 +678,7 @@
 if (!empty($_REQUEST['op'])) {
     switch($_REQUEST['op']) {
         case 'history':
-            show_history($_GET['bugid']);
+            show_history(check_id($_GET['bugid']));
             break;
         case 'add':
             $perm->check('Editbug');
@@ -690,22 +689,22 @@
             }
             break;
         case 'show':
-            show_bug($_GET['bugid']);
+            show_bug(check_id($_GET['bugid']));
             break;
         case 'update':
-            update_bug($_POST['bugid']);
+            update_bug(check_id($_POST['bugid']));
             break;
         case 'do':
-            do_form($_POST['bugid']);
+            do_form(check_id($_POST['bugid']));
             break;
         case 'print':
-            show_bug_printable($_GET['bugid']);
+            show_bug_printable(check_id($_GET['bugid']));
             break;
         case 'vote':
-            vote_bug($_GET['bugid']);
+            vote_bug(check_id($_GET['bugid']));
             break;
         case 'viewvotes':
-            vote_view($_GET['bugid']);
+            vote_view(check_id($_GET['bugid']));
             break;
     }
 } else {
|
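Review bot: Wrapping `{$_GET['project']}` in single quotes on the `$projectname` line in show_form does not make the value safe to interpolate; the query is still built directly from request input, and the quotes only change the shape an unexpected value has to take rather than rejecting it. The rest of this commit routes `bugid` through `check_id()` before use, and the project id deserves the same treatment for consistency with the stated goal of taint checking, e.g. `$projectname = $db->getOne("select project_name from ".TBL_PROJECT." where project_id = '".check_id($_GET['project'])."'");` (assuming `check_id()` returns a validated integer, which its definition, not in this diff, should confirm). If `$db` is PEAR DB, the cleaner fix is a `?` placeholder with the id passed in `getOne()`'s parameter array so no request value is ever spliced into SQL text. show_form's body continues past the end of the hunk.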
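Review bot: `check_id()` is the entire taint check this commit introduces, yet its definition is not in the diff, so the contract the `history` dispatch now relies on (that the return value is a validated integer and that an invalid or missing `bugid` is rejected rather than silently coerced) should be documented at the function itself, e.g. `/// Returns $id as a validated integer; rejects the request on anything else.` adjusted to what the function actually does. The same call pattern is repeated in the following hunk for the show, update, do, print, vote and viewvotes cases, so one clear contract covers all seven call sites. Each of those calls also reads `$_GET['bugid']` or `$_POST['bugid']` directly, so a request that omits the parameter raises an undefined-index notice before `check_id()` ever runs; passing `isset($_GET['bugid']) ? $_GET['bugid'] : 0` (or handling absence inside `check_id()`) would keep the failure inside the check.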