Menu
▾
▴
[Tsheetx-developers] task_action.php
|
From: Clemens R. <cle...@go...> - 2012-06-06 09:48:57
|
Hi,
I am using the Trunk version of Timesheet Next Gen and noticed a
problem with task_action.php:
When I add a new task (or edit a task) and assign it to someone, this
information is not stored in the database.
I think the problem is that in task_action.php
mysql_real_escape_string($_REQUEST['assigned']) is called and this
does not work on arrays. I am on PHP 5.3.2.
I applied the following patch and it worked:
### Eclipse Workspace Patch 1.0
#P TimesheetNG
Index: task_action.php
===================================================================
--- task_action.php (revision 482)
+++ task_action.php (working copy)
@@ -8,6 +8,14 @@
exit;
}
+function array_mysql_real_escape_string($arr) {
+ function cb (&$item, $key) {
+ $item = mysql_real_escape_string($item);
+ }
+ array_walk($arr, 'cb');
+ return $arr;
+}
+
// Connect to database.
$dbh = dbConnect();
$contextUser = strtolower($_SESSION['contextUser']);
@@ -20,7 +28,7 @@
if ($action == "add" || $action == "edit") {
$name = mysql_real_escape_string($_REQUEST["name"]);
$description = mysql_real_escape_string($_REQUEST["description"]);
- $assigned = isset($_REQUEST["assigned"]) ?
mysql_real_escape_string($_REQUEST['assigned']): array();
+ $assigned = isset($_REQUEST["assigned"]) ?
array_mysql_real_escape_string($_REQUEST['assigned']): array();
$task_status = mysql_real_escape_string($_REQUEST["task_status"]);
}
I think the same problem applies to proj_action.php but haven't tested it yet.
Cheers,
Clemens
|
