/*=====================================================================*\
|| ###################################################################
|| # Bugdar [#]version[#]
-|| # Copyright ©2002-[#]year[#] Blue Static
+|| # Copyright 2002-[#]year[#] Blue Static
|| #
|| # This program is free software; you can redistribute it and/or modify
|| # it under the terms of the GNU General Public License as published by
{
// force email or name?? make a distinction?
// more elegant way to do this? probably
- $user = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE email LIKE '%" . str_replace('%', '\%', $bugsys->in['reporter']) . "' OR displayname LIKE '%" . str_replace('%', '\%', $bugsys->in['reporter']) . "%'");
+ $user = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE email LIKE '%" . str_replace('%', '\%', $bugsys->input_escape('reporter')) . "' OR displayname LIKE '%" . str_replace('%', '\%', $bugsys->input_escape('reporter')) . "%'");
if ($user['userid'])
{
$querybuild['reporter'] = "AND bug.userid = $user[userid] OR comment.userid = $user[userid]";
if ($bugsys->in['severity'])
{
$bugsys->input_clean('severity', TYPE_UINT);
- $querybuild['severity'] = "AND bug.severity IN (" . implode(',', $bugsys->in['severity']) . ")";
+ $querybuild['severity'] = "AND bug.severity IN (" . $bugsys->clean(implode(',', $bugsys->in['severity']), TYPE_UINT) . ")";
}
// priority
if ($bugsys->in['priority'])
{
$bugsys->input_clean('priority', TYPE_UINT);
- $querybuild['priority'] = "AND bug.priority IN (" . implode(',', $bugsys->in['priority']) . ")";
+ $querybuild['priority'] = "AND bug.priority IN (" . $bugsys->clean(implode(',', $bugsys->in['priority']), TYPE_UINT) . ")";
}
// status
if ($bugsys->in['status'])
{
$bugsys->input_clean('status', TYPE_UINT);
- $querybuild['status'] = "AND bug.status IN (" . implode(',', $bugsys->in['status']) . ")";
+ $querybuild['status'] = "AND bug.status IN (" . $bugsys->clean(implode(',', $bugsys->in['status']), TYPE_UINT) . ")";
}
// resolution
if ($bugsys->in['resolution'])
{
$bugsys->input_clean('resolution', TYPE_UINT);
- $querybuild['resolution'] = "AND bug.resolution IN (" . implode(',', $bugsys->in['resolution']) . ")";
+ $querybuild['resolution'] = "AND bug.resolution IN (" . $bugsys->clean(implode(',', $bugsys->in['resolution']), TYPE_UINT) . ")";
}
// assignment
if ($bugsys->in['assignedto'])
{
$bugsys->input_clean('assignedto', TYPE_UINT);
- $querybuild['assignedto'] = "AND bug.assignedto IN (" . implode(',', $bugsys->in['assignedto']) . ")";
+ $querybuild['assignedto'] = "AND bug.assignedto IN (" . $bugsys->clean(implode(',', $bugsys->in['assignedto']), TYPE_UINT) . ")";
}
// -------------------------------------------------------------------
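Review bot: Passing the already-joined list to `$bugsys->clean(implode(',', ...), TYPE_UINT)` on the severity line (and the parallel priority, status, resolution and assignedto lines) casts the whole string as one unsigned integer; if `clean()` does the usual intval-style coercion, `1,2,3` becomes `1` and every selected value after the first silently drops out of the IN clause. The preceding `input_clean(..., TYPE_UINT)` presumably already cleans the array element-wise, so the added call is either redundant or lossy, and an explicit per-element cast reads more clearly: `$querybuild['severity'] = "AND bug.severity IN (" . implode(',', array_map('intval', (array) $bugsys->in['severity'])) . ")";`. On the reporter lookup the switch to `input_escape` covers quote characters, but `_` is still a LIKE wildcard and the email pattern carries only a leading `%` while displayname is wrapped on both sides, which looks unintended. The `AND bug.userid = ... OR comment.userid = ...` clause built just below binds the OR outside the other filters; `AND (bug.userid = $user[userid] OR comment.userid = $user[userid])` is probably what was meant. The enclosing block continues past the end of the hunk.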