r75: Fixed some remnants of the $vars[] sanitize methods.
authorRobert Sesek <rsesek@bluestatic.org>
Wed, 4 May 2005 23:14:21 +0000 (23:14 +0000)
committerRobert Sesek <rsesek@bluestatic.org>
Wed, 4 May 2005 23:14:21 +0000 (23:14 +0000)
admin/product.php
editcomment.php
editreport.php
newcomment.php

index 21a7981e04d43c4f8ba9ab9fdb8b9484b1a11ada..08c5b5b28a0039c550d66369cc3f5b26a8d8a588 100755 (executable)
@@ -108,7 +108,7 @@ if ($_REQUEST['do'] == 'addversion')
        }
        
        $admin->form_start('product.php', 'insertversion');
-       $admin->form_hidden_field('productid', $vars['productid']);
+       $admin->form_hidden_field('productid', intval($bugsys->in['productid']));
        $admin->table_start();
        $admin->table_head(phrase('add_new_version'));
        $admin->row_input(phrase('version_title'), 'version');
index f06c9fb3c60c8089cb230ff1277e57b7e0735299..e42cd47a007aabc3d550e385b0bc50f56c12ffa5 100644 (file)
@@ -74,14 +74,14 @@ if ($_POST['do'] == 'update')
        
        if (!$bugsys->options['allowhtml'])
        {
-               $vars['comment_parsed'] = $bugsys->sanitize($bugsys->in['comment_parsed']);
+               $bugsys->in['comment_parsed'] = $bugsys->sanitize($bugsys->in['comment_parsed']);
        }
        
        $db->query("
                UPDATE " . TABLE_PREFIX . "comment
                SET comment = '" . $bugsys->in['comment'] . "',
                        comment_parsed = '" . nl2br($bugsys->in['comment_parsed']) . "'
-               WHERE commentid = $vars[commentid]"
+               WHERE commentid = $comment[commentid]"
        );
        
        echo "<a href=\"showreport.php?bugid=$bug[bugid]\">comment saved</a>";
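Review bot: The UPDATE still places `$bugsys->in['comment']` and `nl2br($bugsys->in['comment_parsed'])` inside quoted SQL literals by concatenation, so it is injection-safe only if every `$bugsys->in` value was escaped for the database when the input array was built, which this hunk does not show. That assumption deserves a comment at the query, and `commentid` should get the same integer cast this commit applies to `bugid` and `productid`: `WHERE commentid = " . intval($comment['commentid'])`. Because the sanitized text is now written back into `$bugsys->in` and reaches the query, it is worth confirming that `sanitize()` leaves the value safe inside a quoted literal. The INSERT in newcomment.php (`@@ -46,7 +46,7`) uses the same concatenation pattern. The `if ($_POST['do'] == 'update')` block starts and ends outside the hunk.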
index 1c2f5ec67a00a03da6bda257439c17777549bd39..5ff65456a46db356b32dd87d147d142a6fd9a79e 100644 (file)
@@ -89,7 +89,7 @@ if ($_POST['do'] == 'update')
                WHERE bugid = $bug[bugid]"
        );
        
-       if ($vars['changeproduct'])
+       if ($bugsys->in['changeproduct'])
        {
                $_REQUEST['do'] = 'editproduct';
        }
index 9f3e4ea37df7094f278b612d145eb92d38bfea29..ae198fa32d7c73bcf3cd600b17784e1f55f8aa99 100644 (file)
@@ -37,7 +37,7 @@ if ($_POST['do'] == 'insert')
        
        if (!$bugsys->options['allowhtml'])
        {
-               $vars['comment_parsed'] = $bugsys->sanitize($bugsys->in['comment_parsed']);
+               $bugsys->in['comment_parsed'] = $bugsys->sanitize($bugsys->in['comment_parsed']);
        }
        
        $time = time();
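Review bot: When `allowhtml` is enabled, `comment_parsed` skips `sanitize()` entirely and is stored exactly as submitted, so any later page that prints it would render user-supplied markup (inferred, as the rendering code is not in this hunk). A comment above the `if` should say who is trusted to post HTML when the option is on, for example `// allowhtml: comments are stored unescaped; enable only where all commenters are trusted`. Overwriting `$bugsys->in['comment_parsed']` in place also means later code in the request no longer sees the submitted value; a local variable such as `$comment_parsed` would keep the input array unchanged. The same block appears in editcomment.php (`@@ -74,14 +74,14`).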
@@ -46,7 +46,7 @@ if ($_POST['do'] == 'insert')
                INSERT INTO " . TABLE_PREFIX . "comment
                        (bugid, userid, dateline, comment, comment_parsed)
                VALUES
-                       ($vars[bugid], " . $bugsys->userinfo['userid'] . ",
+                       (" . intval($bugsys->in['bugid']) . ", " . $bugsys->userinfo['userid'] . ",
                        $time, '" . $bugsys->in['comment'] . "',
                        '" . nl2br($bugsys->in['comment_parsed']) . "'
                )"
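Review bot: `intval($bugsys->in['bugid'])` makes the value numeric but does not tie it to a bug the user is allowed to comment on; a missing or non-numeric `bugid` becomes 0 and the row is still inserted unless code above this hunk has already rejected it. If the script loads the bug row before this point (not visible here), inserting that row's id rather than the request value would keep the permission check and the write on the same record. `$bugsys->userinfo['userid']` is also concatenated unquoted and uncast; `intval($bugsys->userinfo['userid'])` would match the treatment of `bugid`. The query call is closed outside the hunk.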