Menu
▾
▴
Re: [Tsheetx-developers] task_action.php
|
From: David T. <tom...@us...> - 2012-06-07 15:32:53
|
Hey, cool that your using this version!I checked it in but haven't tested it yet, thanks for the input. I'm sure proj_action.php has the same problem (I just did a search and replace). Cheers p.s. If you want to contribute your code directly, we can arrange that.
> Date: Wed, 6 Jun 2012 11:48:51 +0200
> From: cle...@go...
> To: tsh...@li...
> Subject: [Tsheetx-developers] task_action.php
>
> Hi,
>
> I am using the Trunk version of Timesheet Next Gen and noticed a
> problem with task_action.php:
>
> When I add a new task (or edit a task) and assign it to someone, this
> information is not stored in the database.
>
> I think the problem is that in task_action.php
> mysql_real_escape_string($_REQUEST['assigned']) is called and this
> does not work on arrays. I am on PHP 5.3.2.
>
> I applied the following patch and it worked:
>
> ### Eclipse Workspace Patch 1.0
> #P TimesheetNG
> Index: task_action.php
> ===================================================================
> --- task_action.php (revision 482)
> +++ task_action.php (working copy)
> @@ -8,6 +8,14 @@
> exit;
> }
>
> +function array_mysql_real_escape_string($arr) {
> + function cb (&$item, $key) {
> + $item = mysql_real_escape_string($item);
> + }
> + array_walk($arr, 'cb');
> + return $arr;
> +}
> +
> // Connect to database.
> $dbh = dbConnect();
> $contextUser = strtolower($_SESSION['contextUser']);
> @@ -20,7 +28,7 @@
> if ($action == "add" || $action == "edit") {
> $name = mysql_real_escape_string($_REQUEST["name"]);
> $description = mysql_real_escape_string($_REQUEST["description"]);
> - $assigned = isset($_REQUEST["assigned"]) ?
> mysql_real_escape_string($_REQUEST['assigned']): array();
> + $assigned = isset($_REQUEST["assigned"]) ?
> array_mysql_real_escape_string($_REQUEST['assigned']): array();
> $task_status = mysql_real_escape_string($_REQUEST["task_status"]);
> }
>
>
> I think the same problem applies to proj_action.php but haven't tested it yet.
>
> Cheers,
>
> Clemens
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Tsheetx-developers mailing list
> Tsh...@li...
> https://lists.sourceforge.net/lists/listinfo/tsheetx-developers
|
