r1269: We were a little overzealous in our security checking last time and we added...

diff --git a/docs/changes.txt b/docs/changes.txt
index 3341ef0037af642c0ff47cb87c4256d9e7ca9596..0c8d7ac42fbf886c67a21358f9373ba587ff1a2f 100644 (file)
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -2,6 +2,7 @@
 ===============================
 - Time zones with half-hours are not saved because the field only allows INTs (http://www.bluestatic.org/bugs/showreport.php?bugid=38)
 - Fixed a SQL error received upon deleting a resolution (http://www.bluestatic.org/bugs/showreport.php?bugid=40)
+- When searching and selecting multiple items for a field, only the first one is used in the search (http://www.bluestatic.org/bugs/showreport.php?bugid=39)
 
 1.1.3
 ===============================

diff --git a/search.php b/search.php
index dc9df7e320fd6f8fe22ba18338118d5862ad24c1..1b9dd821c4e95c9f7f625492ef776d21698a239d 100644 (file)
--- a/search.php
+++ b/search.php
@@ -138,35 +138,35 @@ if ($_REQUEST['do'] == 'process')
        if ($bugsys->in['severity'])
        {
                $bugsys->input_clean('severity', TYPE_UINT);
-               $querybuild['severity'] = "AND bug.severity IN (" . $bugsys->clean(implode(',', $bugsys->in['severity']), TYPE_UINT) . ")";
+               $querybuild['severity'] = "AND bug.severity IN (" . implode(',', $bugsys->in['severity']) . ")";
        }
        
        // priority
        if ($bugsys->in['priority'])
        {
                $bugsys->input_clean('priority', TYPE_UINT);
-               $querybuild['priority'] = "AND bug.priority IN (" . $bugsys->clean(implode(',', $bugsys->in['priority']), TYPE_UINT) . ")";
+               $querybuild['priority'] = "AND bug.priority IN (" . implode(',', $bugsys->in['priority']) . ")";
        }
        
        // status
        if ($bugsys->in['status'])
        {
                $bugsys->input_clean('status', TYPE_UINT);
-               $querybuild['status'] = "AND bug.status IN (" . $bugsys->clean(implode(',', $bugsys->in['status']), TYPE_UINT) . ")";
+               $querybuild['status'] = "AND bug.status IN (" . implode(',', $bugsys->in['status']) . ")";
        }
        
        // resolution
        if ($bugsys->in['resolution'])
        {
                $bugsys->input_clean('resolution', TYPE_UINT);
-               $querybuild['resolution'] = "AND bug.resolution IN (" . $bugsys->clean(implode(',', $bugsys->in['resolution']), TYPE_UINT) . ")";
+               $querybuild['resolution'] = "AND bug.resolution IN (" . implode(',', $bugsys->in['resolution']) . ")";
        }
        
        // assignment
        if ($bugsys->in['assignedto'])
        {
                $bugsys->input_clean('assignedto', TYPE_UINT);
-               $querybuild['assignedto'] = "AND bug.assignedto IN (" . $bugsys->clean(implode(',', $bugsys->in['assignedto']), TYPE_UINT) . ")";
+               $querybuild['assignedto'] = "AND bug.assignedto IN (" . implode(',', $bugsys->in['assignedto']) . ")";
        }
        
        // -------------------------------------------------------------------