From: Benjamin C. <bc...@us...> - 2004-05-03 13:00:47
Update of /cvsroot/phpbt/phpbt In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv17031 Modified Files: Tag: htmltemplates query.php Log Message: Added taint checking Index: query.php =================================================================== RCS file: /cvsroot/phpbt/phpbt/query.php,v retrieving revision 1.98.2.4 retrieving revision 1.98.2.5 diff -u -r1.98.2.4 -r1.98.2.5 --- query.php 2 May 2004 17:04:00 -0000 1.98.2.4 +++ query.php 3 May 2004 13:00:36 -0000 1.98.2.5 @@ -155,11 +155,11 @@ // Project/Version/Component if (!empty($projects)) { - $proj[] = "b.project_id = $projects"; - if (!empty($versions) and $versions != 'All') $proj[] = "b.version_id = $versions"; - if (!empty($closedinversion) and $closedinversion != 'All') $proj[] = "b.closed_in_version_id = $closedinversion"; - if (!empty($tobeclosedinversion) and $tobeclosedinversion != 'All') $proj[] = "b.to_be_closed_in_version_id = $tobeclosedinversion"; - if (!empty($components) and $components != 'All') $proj[] = "b.component_id = $components"; + $proj[] = "b.project_id = '$projects'"; + if (!empty($versions) and $versions != 'All') $proj[] = "b.version_id = '$versions'"; + if (!empty($closedinversion) and $closedinversion != 'All') $proj[] = "b.closed_in_version_id = '$closedinversion'"; + if (!empty($tobeclosedinversion) and $tobeclosedinversion != 'All') $proj[] = "b.to_be_closed_in_version_id = '$tobeclosedinversion'"; + if (!empty($components) and $components != 'All') $proj[] = "b.component_id = '$components'"; $query[] = '('.@join(' and ',$proj).')'; } elseif (!$perm->have_perm('Admin')) { // Filter results from hidden projects $query[] = "b.project_id not in ($restricted_projects)"; @@ -192,6 +192,11 @@ return (!empty($colvalue) ? maskemail($colvalue) : ''); case 'priority' : return $select['priority'][$colvalue]; + case 'reporter' : + case 'owner' : + case 'lastmodifier' : + return (!empty($colvalue) ? maskemail($colvalue) : ''); + break; default: return $colvalue; } } 
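Review bot: Wrapping `$projects`, `$versions`, `$closedinversion`, `$tobeclosedinversion` and `$components` in single quotes in the first hunk does not by itself make these conditions safe: a value containing a quote still ends the literal, and nothing visible in the hunk escapes or validates the variables. All five columns are ids, so forcing the value to an integer at the point of use removes the dependency on escaping done elsewhere, e.g. `$proj[] = 'b.project_id = '.(int)$projects;` and likewise for the other four. The context line `b.project_id not in ($restricted_projects)` is interpolated the same way; it is built outside the hunk, so confirm it is never derived from request data. The enclosing function starts and ends outside the hunk.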
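Review bot: The `break;` after `return` in the new `reporter`/`owner`/`lastmodifier` branch of the second hunk is unreachable and can be dropped. The branch body is the same expression as the `return (!empty($colvalue) ? maskemail($colvalue) : '');` context line just above it, so the three new labels could be stacked onto that existing case instead of repeating the call; the label of that case is outside the hunk. A short comment such as `// mask addresses in every column that can show an e-mail` would record why these columns are grouped, assuming that is what they hold.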
@@ -311,6 +316,9 @@ $sort = 'asc'; } } + // Taint checking + if (empty($db_headers[$order])) $order = 'bug_id'; + if (!in_array($sort, array('asc', 'desc'))) $sort = 'asc'; if (empty($_SESSION['queryinfo'])) $_SESSION['queryinfo'] = array(); $_SESSION['queryinfo']['order'] = $order; @@ -393,11 +401,15 @@ $assignedto = !empty($_GET['assignedto']) ? $_GET['assignedto'] : 0; $open = !empty($_GET['open']) ? $_GET['open'] : 0; +// Make sure the page variable is numeric, if it's populated +if (!empty($_gv['page'])) $_gv['page'] = preg_replace('/[^0-9]/', '', $_gv['page']); + + if (isset($_GET['op'])) switch($_GET['op']) { case 'query' : show_query(); break; case 'doquery' : $_SESSION['queryinfo'] = array(); list_items(); break; case 'delquery' : - if ($auth->is_authenticated()) delete_saved_query($_GET['queryid']); + if ($auth->is_authenticated()) delete_saved_query(check_id($_GET['queryid'])); else show_query(); break; case 'mybugs' : |
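Review bot: `in_array($sort, array('asc', 'desc'))` in the taint-checking hunk compares loosely, so a non-string `$sort` such as integer `0` passes the check on the PHP versions of this era; pass the strict flag, `if (!in_array($sort, array('asc', 'desc'), true)) $sort = 'asc';`. The `$order` check is an allowlist keyed on `$db_headers`, which is defined outside the hunk, so it is only as tight as that array: every key in it must be a literal column name. `empty($db_headers[$order])` also assumes `$order` is a scalar; an array arriving from the request would be used as an offset here. The comment could say what is being protected, e.g. `// $order and $sort end up in the ORDER BY clause: allow known values only`, if that is indeed where they are used.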
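Review bot: Stripping non-digits from `$_gv['page']` in the last hunk rewrites bad input instead of rejecting it, so `page=abc` becomes an empty string and `page=1e9x` becomes `19`; whatever reads the value later still has to cope with `''` and with very large numbers. A cast with a floor always yields an integer, e.g. `$_gv['page'] = max(1, (int)$_gv['page']);`, assuming pages start at 1, which the hunk does not show. The neighbouring lines read `$_GET` directly while this check touches `$_gv`, so it is worth confirming that the paging code reads the same array. In the `delquery` case, `check_id()` is defined outside the hunk; a comment stating what it returns for a missing or non-numeric `queryid` would make the guarantee explicit.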