From 5ed8e6d2a732dade003a0fa131308b87eecddc38 Mon Sep 17 00:00:00 2001
From: Robert Sesek
Date: Tue, 1 Aug 2006 06:49:10 +0000
Subject: [PATCH] r1017: Making sure all input is properly escaped

---
 admin/product.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/admin/product.php b/admin/product.php
index 8e2867a..3c4e92f 100755
--- a/admin/product.php
+++ b/admin/product.php
@@ -101,7 +101,7 @@ if ($_REQUEST['do'] == 'deleteversion')
 
 if ($_REQUEST['do'] == 'insertversion')
 {
-	$db->query("INSERT INTO " . TABLE_PREFIX . "version (productid, version, displayorder) VALUES (" . $bugsys->input_clean('productid', TYPE_UINT) . ", '" . $bugsys->in['version'] . "', " . $bugsys->input_clean('displayorder', TYPE_UINT) . ")");
+	$db->query("INSERT INTO " . TABLE_PREFIX . "version (productid, version, displayorder) VALUES (" . $bugsys->input_clean('productid', TYPE_UINT) . ", '" . $bugsys->input_escape('version') . "', " . $bugsys->input_clean('displayorder', TYPE_UINT) . ")");
 	build_versions();
 	$admin->redirect('product.php?do=modify');
 }
@@ -150,7 +150,7 @@ if ($_REQUEST['do'] == 'updateversion')
 		$admin->error($lang->string('Please fill in a version number.'));
 	}
 
-	$db->query("UPDATE " . TABLE_PREFIX . "version SET version = '" . $bugsys->in['version'] . "', displayorder = " . $bugsys->input_clean('displayorder', TYPE_UINT) . " WHERE versionid = " . $bugsys->input_clean('versionid', TYPE_UINT));
+	$db->query("UPDATE " . TABLE_PREFIX . "version SET version = '" . $bugsys->input_escape('version') . "', displayorder = " . $bugsys->input_clean('displayorder', TYPE_UINT) . " WHERE versionid = " . $bugsys->input_clean('versionid', TYPE_UINT));
 	build_versions();
 	$admin->redirect('product.php?do=modify');
 
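Review bot: The insertversion branch (the `+` line directly after `{` in the -101 hunk) still writes `version` without the non-empty check that updateversion performs (the `$admin->error($lang->string('Please fill in a version number.'));` call visible at the top of the -150 hunk), so an empty version row can be inserted through this path; adding the equivalent guard before the query, e.g. `if ($bugsys->in['version'] === '') { $admin->error($lang->string('Please fill in a version number.')); }`, would keep both paths consistent (the exact condition updateversion uses starts before its hunk, so mirror that one). Switching from `$bugsys->in[...]` to `input_escape()` only closes the injection point if the escaper matches the live connection's character set, which I cannot confirm from this diff; the same caveat applies to the `input_escape('version')`, `input_escape('title')` and `input_escape('description')` calls in the -150, -221 and -274 hunks, and binding these values as query parameters would remove the dependency on how the escaper is implemented. A short comment on each query would make the contract explicit for the next maintainer, e.g. `// free-form string fields go through input_escape(); numeric ids/ordering through input_clean(TYPE_UINT)`.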
@@ -221,8 +221,8 @@ if ($_REQUEST['do'] == 'insertproduct')
 			INSERT INTO " . TABLE_PREFIX . "product
 				(title, componentmother, description, displayorder)
 			VALUES
-				('" . $bugsys->in['title'] . "', " . $bugsys->input_clean('componentmother', TYPE_UINT) . ",
-				'" . $bugsys->in['description'] . "', " . $bugsys->input_clean('displayorder', TYPE_UINT) . "
+				('" . $bugsys->input_escape('title') . "', " . $bugsys->input_clean('componentmother', TYPE_UINT) . ",
+				'" . $bugsys->input_escape('description') . "', " . $bugsys->input_clean('displayorder', TYPE_UINT) . "
 			)"
 		);
 	build_products();
@@ -274,7 +274,7 @@ if ($_REQUEST['do'] == 'updateproduct')
 		$admin->error($lang->getlex('error_invalid_id'));
 	}
 
-	$db->query("UPDATE " . TABLE_PREFIX . "product SET title = '" . $bugsys->in['title'] . "', description = '" . $bugsys->in['description'] . "', displayorder = " . $bugsys->input_clean('displayorder', TYPE_UINT) . " WHERE productid = " . $bugsys->input_clean('productid', TYPE_UINT));
+	$db->query("UPDATE " . TABLE_PREFIX . "product SET title = '" . $bugsys->input_escape('title') . "', description = '" . $bugsys->input_escape('description') . "', displayorder = " . $bugsys->input_clean('displayorder', TYPE_UINT) . " WHERE productid = " . $bugsys->input_clean('productid', TYPE_UINT));
 	build_products();
 	$admin->redirect('product.php?do=modify');
 
-- 
2.22.5