r1560: In vote.php, we sanitize the vote value as UINT when it should be INT to allow...
author Robert Sesek <rsesek@bluestatic.org>
Wed, 27 Jun 2007 08:10:21 +0000 (08:10 +0000)
committer Robert Sesek <rsesek@bluestatic.org>
Wed, 27 Jun 2007 08:10:21 +0000 (08:10 +0000)
docs/changes.txt
vote.php

index c0a5c46a4f80e2e500d07d1d31d8b03222acaa7c..2c3ba158a7b4d90ed12c4896b3bf89cf489202f9 100644 (file)
@@ -2,6 +2,7 @@
 ===============================
 - Fixed: In userctrl_search.tpl, the floated elements need to be before unfloated ones otherwise Gecko engine offsets it by a line
 - Fixed: Closed a SQL injection vector in register.php
+- Fixed: Users could not vote against a bug due to too tight sanitization (bug://report/84)
 
 1.2.0 Release Candidate 1
 ===============================
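Review bot: The new changelog entry does not name the affected file, unlike the two entries above it ("In userctrl_search.tpl", "in register.php"). Consider wording it as "Fixed: In vote.php, users could not vote against a bug because the vote value was sanitized as unsigned", so a reader can see which input was loosened and why, especially since it sits directly under a SQL injection fix.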
index 3955e46311adfafa277ec39910f220dae5c29811..2c9e0fefec1b957edcdccae0de288eb6d774d67c 100644 (file)
--- a/vote.php
+++ b/vote.php
@@ -73,7 +73,7 @@ if ($_REQUEST['do'] == 'vote')
                }
        }
        
-       $uservote = $bugsys->input_clean('vote', TYPE_UINT);
+       $uservote = $bugsys->input_clean('vote', TYPE_INT);
        
        $votefor = $vote['votefor'];
        $voteagainst = $vote['voteagainst'];
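Review bot: At the changed `input_clean('vote', TYPE_INT)` line, the wider type admits the negative value needed to vote against a bug, but it also admits every other integer, and the visible context shows no check that $uservote is one of the values the voting form can submit. If no such check follows below this hunk, add one directly after this line that rejects anything outside the allowed set before $votefor or $voteagainst is used, so that loosening the sanitization does not also widen what a request can write into the vote tallies. A short comment on the line saying why the value must be signed would also keep a later cleanup from tightening it back to TYPE_UINT.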