From: Mark W. <ma...@rw...> - 2012-06-08 20:25:27
<html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> Just for general information:<br> <br> The v1.5.3 branch of code already has a function to handle this in include/common_functions.php, called recursive_mysql_real_escape_string, which will work with arrays and objects.<br> <br> It would be worthwhile checking the relevant files in the branch to determine if there is still the same problem.<br> <br> Something to note about the patch listed below is that it is supposedly not good practice to use nested functions in PHP. <br> <br> There is a Stack Overflow discussion about it here: <a class="moz-txt-link-freetext" href="http://stackoverflow.com/questions/1631535/php-function-inside-function">http://stackoverflow.com/questions/1631535/php-function-inside-function</a><br> <br> Good work on identifying the problem, Clemens!<br> <br> Regards<br> <br> Mark<br> <pre class="moz-signature" cols="72">_____________________________________________ Mob: 07725 695178 Email: <a class="moz-txt-link-abbreviated" href="mailto:ma...@rw...">ma...@rw...</a></pre> <br> On 07/06/2012 16:32, David Thompson wrote: <blockquote cite="mid:BAY...@ph...l" type="cite"> <div dir="ltr"> Hey, cool that you're using this version!<br> I checked it in but haven't tested it yet, thanks for the input.<br> <br> I'm sure proj_action.php has the same problem (I just did a search and replace).<br> <br> Cheers<br> <br> p.s. If you want to contribute your code directly, we can arrange that.<br> <br> <div>> Date: Wed, 6 Jun 2012 11:48:51 +0200<br> 
> From: <a class="moz-txt-link-abbreviated" href="mailto:cle...@go...">cle...@go...</a><br> > To: <a class="moz-txt-link-abbreviated" href="mailto:tsh...@li...">tsh...@li...</a><br> > Subject: [Tsheetx-developers] task_action.php<br> > <br> > Hi,<br> > <br> > I am using the Trunk version of Timesheet Next Gen and noticed a<br> > problem with task_action.php:<br> > <br> > When I add a new task (or edit a task) and assign it to someone, this<br> > information is not stored in the database.<br> > <br> > I think the problem is that in task_action.php<br> > mysql_real_escape_string($_REQUEST['assigned']) is called and this<br> > does not work on arrays. I am on PHP 5.3.2.<br> > <br> > I applied the following patch and it worked:<br> > <br> > ### Eclipse Workspace Patch 1.0<br> > #P TimesheetNG<br> > Index: task_action.php<br> > ===================================================================<br> > --- task_action.php (revision 482)<br> > +++ task_action.php (working copy)<br> > @@ -8,6 +8,14 @@<br> > exit;<br> > }<br> > <br> > +function array_mysql_real_escape_string($arr) {<br> > + function cb (&$item, $key) {<br> > + $item = mysql_real_escape_string($item);<br> > + }<br> > + array_walk($arr, 'cb');<br> > + return $arr;<br> > +}<br> > +<br> > // Connect to database.<br> > $dbh = dbConnect();<br> > $contextUser = strtolower($_SESSION['contextUser']);<br> 
> @@ -20,7 +28,7 @@<br> > if ($action == "add" || $action == "edit") {<br> > $name = mysql_real_escape_string($_REQUEST["name"]);<br> > $description = mysql_real_escape_string($_REQUEST["description"]);<br> > - $assigned = isset($_REQUEST["assigned"]) ?<br> > mysql_real_escape_string($_REQUEST['assigned']): array();<br> > + $assigned = isset($_REQUEST["assigned"]) ?<br> > array_mysql_real_escape_string($_REQUEST['assigned']): array();<br> > $task_status = mysql_real_escape_string($_REQUEST["task_status"]);<br> > }<br> > <br> > <br> > I think the same problem applies to proj_action.php but haven't tested it yet.<br> > <br> > Cheers,<br> > <br> > Clemens<br> > <br> > _______________________________________________<br> > Tsheetx-developers mailing list<br> > <a class="moz-txt-link-abbreviated" href="mailto:Tsh...@li...">Tsh...@li...</a><br> > <a class="moz-txt-link-freetext" href="https://lists.sourceforge.net/lists/listinfo/tsheetx-developers">https://lists.sourceforge.net/lists/listinfo/tsheetx-developers</a><br> </div> </div> </blockquote> </body> </html>
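Review bot: In the first hunk (@@ -8,6 +8,14 @@) the named function cb is declared inside array_mysql_real_escape_string, so PHP defines it globally each time the outer function runs, and a second call in the same request stops with a fatal "Cannot redeclare cb()" error. The helper is also only one level deep: array_walk hands a nested array element straight to mysql_real_escape_string, which is the same failure the patch set out to fix. Suggest dropping the inner function and either reusing recursive_mysql_real_escape_string from include/common_functions.php (named in this thread as present in the v1.5.3 branch; whether trunk has it is not shown here) or, for a flat list, returning array_map('mysql_real_escape_string', $arr).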
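Review bot: In the second hunk (@@ -20,7 +28,7 @@) the new $assigned line passes $_REQUEST['assigned'] to the array helper after only an isset() check, so a request that sends assigned as a single string reaches array_walk as a non-array. On the PHP 5.3 mentioned in the thread, array_walk then raises a warning and the helper returns the value exactly as it arrived, unescaped. Add an is_array() test before the call and fall back to array() (or wrap the scalar in a one-element array) when it fails.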
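One way to write the array-safe escaping discussed in this thread, as an added example (it is not Timesheet Next Gen code and not the project's recursive_mysql_real_escape_string). The names escape_recursive and assigned_from_request are hypothetical, and addslashes stands in for mysql_real_escape_string only so the script runs without a database connection.

```php
<?php
// Added example; not Timesheet Next Gen code. escape_recursive() and
// assigned_from_request() are hypothetical names. addslashes() is only a
// stand-in so this runs without a database connection; it is not a
// substitute for mysql_real_escape_string() in real queries.

// Apply $escape to every scalar leaf, recursing into nested arrays.
// Plain recursion, no nested named function, so repeated calls are safe.
function escape_recursive($value, $escape)
{
    if (is_array($value)) {
        $out = array();
        foreach ($value as $key => $item) {
            $out[$key] = escape_recursive($item, $escape);
        }
        return $out;
    }
    if (is_scalar($value)) {
        return call_user_func($escape, (string) $value);
    }
    return ''; // null, objects, resources: nothing usable in a query
}

// Normalise a request field that should be a list, e.g. assigned[]=alice.
function assigned_from_request(array $request, $escape)
{
    if (!isset($request['assigned'])) {
        return array();
    }
    // A client may send assigned=x (scalar) instead of assigned[]=x.
    $raw = $request['assigned'];
    if (!is_array($raw)) {
        $raw = array($raw);
    }
    return escape_recursive($raw, $escape);
}

// Constructed sample input.
$escape  = 'addslashes'; // in the application: 'mysql_real_escape_string'
$request = array('assigned' => array('alice', "o'brien", array("nested'val")));

var_dump(assigned_from_request($request, $escape));  // list with a nested array
var_dump(assigned_from_request($request, $escape));  // second call, no redeclare error
var_dump(assigned_from_request(array('assigned' => "bob'"), $escape)); // scalar field
var_dump(assigned_from_request(array(), $escape));   // field absent
```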