From 959b04f023c2f87856cdeae3b19da158bfbef404 Mon Sep 17 00:00:00 2001
From: Robert Sesek
Date: Wed, 4 May 2005 16:55:06 +0000
Subject: [PATCH] r72: Finished new input system for: admin/ - severity.php - options.php - product.php - priority.php - resolution.php
---
 admin/options.php | 2 +-
 admin/priority.php | 15 ++++--------
 admin/product.php | 58 +++++++++++++++-----------------------------
 admin/resolution.php | 16 ++++--------
 admin/severity.php | 15 ++++--------
 5 files changed, 35 insertions(+), 71 deletions(-)
diff --git a/admin/options.php b/admin/options.php
index e14c791..45a7401 100755
--- a/admin/options.php
+++ b/admin/options.php
@@ -34,7 +34,7 @@ if ($_POST['do'] == 'update')
 foreach ($settings AS $varname => $value)
 {
- $db->query("REPLACE INTO " . TABLE_PREFIX . "setting (varname, value) VALUES ('" . addslasheslike(trim($varname)) . "', '" . addslasheslike(trim($value)) . "')");
+ $db->query("REPLACE INTO " . TABLE_PREFIX . "setting (varname, value) VALUES ('" . $bugsys->escape($varname) . "', '" . $bugsys->escape($value) . "')");
 }
 build_settings();
diff --git a/admin/priority.php b/admin/priority.php
index c26be9e..7e53eb9 100755
--- a/admin/priority.php
+++ b/admin/priority.php
@@ -29,8 +29,7 @@ if (empty($_REQUEST['do']))
 if ($_REQUEST['do'] == 'kill')
 {
- sanitize(array('priorityid' => INT));
- $db->query("DELETE FROM " . TABLE_PREFIX . "priority WHERE priorityid = $vars[priorityid]");
+ $db->query("DELETE FROM " . TABLE_PREFIX . "priority WHERE priorityid = " . intval($bugsys->in['priorityid']));
 build_priorities();
 $admin->redirect('priority.php?do=modify');
 }
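Review bot: The new REPLACE line in admin/options.php drops the trim() that the removed line applied to both $varname and $value, so leading and trailing whitespace typed into the options form is now stored verbatim, and nothing in this hunk shows trimming happening anywhere else. Unless $bugsys->escape() or the code that fills $settings already trims (it is outside the hunk, so I cannot tell), keep the old behaviour with `$bugsys->escape(trim($varname))` and `$bugsys->escape(trim($value))`. The foreach's enclosing update branch starts before the hunk.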
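Review bot: The rewritten DELETE in the priority.php 'kill' branch is still dispatched on $_REQUEST, so a plain GET of `priority.php?do=kill&priorityid=N` removes the row; intval() fixes the type, but the request carries nothing that ties it to the confirmation page, and no CSRF check is visible in this hunk. If the admin bootstrap (outside this hunk) does not already guard state-changing actions, have page_confirm submit a POST with a per-session token and reject anything else before the query, e.g. `if ($_SERVER['REQUEST_METHOD'] != 'POST') { $admin->error('-1'); }` as the first statement of the branch. This is pre-existing, but the commit touches exactly this line and is the natural place to fix it.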
@@ -39,8 +38,7 @@ if ($_REQUEST['do'] == 'kill')
 if ($_REQUEST['do'] == 'delete')
 {
- sanitize(array('priorityid' => INT));
- $admin->page_confirm(phrase('confirm_delete_priority'), 'priority.php?do=kill&priorityid=' . $vars['priorityid']);
+ $admin->page_confirm(phrase('confirm_delete_priority'), 'priority.php?do=kill&priorityid=' . intval($bugsys->in['priorityid']));
 }
 // ###################################################################
@@ -48,7 +46,7 @@ if ($_REQUEST['do'] == 'delete')
 if ($_POST['do'] == 'insert')
 {
 sanitize(array('priority' => STR, 'displayorder' => INT));
- $db->query("INSERT INTO " . TABLE_PREFIX . "priority (priority, displayorder) VALUES ('" . addslasheslike($vars['priority']) . "', $vars[displayorder])");
+ $db->query("INSERT INTO " . TABLE_PREFIX . "priority (priority, displayorder) VALUES ('" . $bugsys->in['priority'] . "'," . intval($bugsys->in['displayorder']) . ")");
 build_priorities();
 $admin->redirect('priority.php?do=modify');
 }
@@ -75,8 +73,7 @@ if ($_REQUEST['do'] == 'add')
 if ($_POST['do'] == 'update')
 {
- sanitize(array('priorityid' => INT, 'priority' => STR, 'displayorder' => INT));
- $db->query("UPDATE " . TABLE_PREFIX . "priority SET priority = '" . addslasheslike($vars['priority']) . "', displayorder = $vars[displayorder] WHERE priorityid = $vars[priorityid]");
+ $db->query("UPDATE " . TABLE_PREFIX . "priority SET priority = '" . $bugsys->in['priority'] . "', displayorder = " . intval($bugsys->in['displayorder']) . " WHERE priorityid = " . intval($bugsys->in['priorityid']));
 build_priorities();
 $admin->redirect('priority.php?do=modify');
 }
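Review bot: In the priority.php 'insert' hunk the new INSERT splices `$bugsys->in['priority']` straight into the SQL string, whereas the removed line passed it through addslasheslike(); the options.php hunk in this same commit calls $bugsys->escape() on its values, which suggests $bugsys->in is not escaped on ingestion, so a priority name containing a quote now breaks the statement and is injectable from the admin form. Use `'" . $bugsys->escape($bugsys->in['priority']) . "',` here, and the same in the 'update' hunk below, which has the identical raw `$bugsys->in['priority']` concatenation. The `sanitize(array('priority' => STR, 'displayorder' => INT));` line kept in the insert branch now fills a $vars array that nothing reads; either drop it or make the query use the sanitized value.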
@@ -85,9 +82,7 @@ if ($_POST['do'] == 'update')
 if ($_REQUEST['do'] == 'edit')
 {
- sanitize(array('priorityid' => INT));
-
- $priority = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "priority WHERE priorityid = $vars[priorityid]");
+ $priority = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "priority WHERE priorityid = " . intval($bugsys->in['priorityid']));
 if (!is_array($priority))
 {
 $admin->error('-1');
diff --git a/admin/product.php b/admin/product.php
index 5fd629f..21a7981 100755
--- a/admin/product.php
+++ b/admin/product.php
@@ -64,9 +64,7 @@ if (empty($_REQUEST['do']))
 if ($_REQUEST['do'] == 'killversion')
 {
- sanitize(array('versionid' => INT));
-
- $db->query("DELETE FROM " . TABLE_PREFIX . "version WHERE versionid = $vars[versionid]");
+ $db->query("DELETE FROM " . TABLE_PREFIX . "version WHERE versionid = " . intval($bugsys->in['versionid']));
 // #*# figure out what we do with bugs
 build_versions();
@@ -78,16 +76,14 @@ if ($_REQUEST['do'] == 'killversion')
 if ($_REQUEST['do'] == 'deleteversion')
 {
- sanitize(array('versionid' => INT));
- $admin->page_confirm(phrase('confirm_delete_version'), 'product.php?do=killversion&versionid=' . $vars['versionid']);
+ $admin->page_confirm(phrase('confirm_delete_version'), 'product.php?do=killversion&versionid=' . intval($bugsys->in['versionid']));
 }
 // ###################################################################
 if ($_REQUEST['do'] == 'insertversion')
 {
- sanitize(array('productid' => INT, 'version' => STR, 'displayorder' => INT));
- $db->query("INSERT INTO " . TABLE_PREFIX . "version (productid, version, displayorder) VALUES ($vars[productid], '" . addslasheslike($vars['version']) . "', $vars[displayorder])");
+ $db->query("INSERT INTO " . TABLE_PREFIX . "version (productid, version, displayorder) VALUES (" . intval($bugsys->in['productid']) . ", '" . $bugsys->in['version'] . "', " . intval($bugsys->in['displayorder']) . ")");
 build_versions();
 $admin->redirect('product.php?do=modify');
 }
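Review bot: The new INSERT in the product.php 'insertversion' hunk concatenates `$bugsys->in['version']` into the query unescaped, where the removed line wrapped it in addslasheslike(); the integer columns are now protected by intval() but the string one is not, so a version label with a quote in it breaks or alters the statement. Assuming $bugsys->in is raw request input (options.php in this commit escapes explicitly, so that looks likely), change it to `", '" . $bugsys->escape($bugsys->in['version']) . "', "`. This branch is also reached via $_REQUEST rather than $_POST, unlike the priority/resolution/severity insert branches, so a GET link can create versions; that is pre-existing but worth aligning while the line is being rewritten.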
@@ -96,13 +92,11 @@ if ($_REQUEST['do'] == 'insertversion')
 if ($_REQUEST['do'] == 'addversion')
 {
- sanitize(array('productid' => INT));
- $admin->page_start(phrase('add_version'));
- if ($vars['productid'] != -1)
+ if ($bugsys->in['productid'] != -1)
 {
- $product = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "product WHERE productid = $vars[productid]");
+ $product = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "product WHERE productid = " . intval($bugsys->in['productid']));
 if (!is_array($product))
 {
 $admin->error('-1');
@@ -110,7 +104,7 @@ if ($_REQUEST['do'] == 'addversion')
 }
 else
 {
- $vars['productid'] = 0;
+ $bugsys->in['productid'] = 0;
 }
 $admin->form_start('product.php', 'insertversion');
@@ -130,14 +124,12 @@ if ($_REQUEST['do'] == 'addversion')
 if ($_REQUEST['do'] == 'updateversion')
 {
- sanitize(array('versionid' => INT, 'version' => STR, 'displayorder' => INT));
-
- if (empty($vars['version']))
+ if (empty($bugsys->in['version']))
 {
 $admin->error(phrase('fill_in_version_number'));
 }
- $db->query("UPDATE " . TABLE_PREFIX . "version SET version = '" . addslasheslike($vars['version']) . "', displayorder = $vars[displayorder] WHERE versionid = $vars[versionid]");
+ $db->query("UPDATE " . TABLE_PREFIX . "version SET version = '" . $bugsys->in['version'] . "', displayorder = " . intval($bugsys->in['displayorder']) . " WHERE versionid = " . intval($bugsys->in['versionid']));
 build_versions();
 $admin->redirect('product.php?do=modify');
@@ -147,11 +139,9 @@ if ($_REQUEST['do'] == 'updateversion')
 if ($_REQUEST['do'] == 'editversion')
 {
- sanitize(array('versionid' => INT));
- $admin->page_start(phrase('edit_version'));
- $version = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "version WHERE versionid = $vars[versionid]");
+ $version = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "version WHERE versionid = " . intval($bugsys->in['versionid']));
 if (!is_array($version))
 {
 $admin->error('-1');
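Review bot: In the 'updateversion' hunk the new UPDATE puts `$bugsys->in['version']` into the SQL string without the addslasheslike() the removed line had, so the version text is the one user-controlled string in the statement that is no longer escaped; `version = '" . $bugsys->escape($bugsys->in['version']) . "'` restores the protection the commit removed, assuming $bugsys->in holds raw input as the options.php hunk implies. Separately, the new `if (empty($bugsys->in['version']))` check rejects the version string "0" as if it were missing, because empty('0') is true in PHP; `if ($bugsys->in['version'] === '')` (or a strlen test) is the check actually intended. The addversion hunk's `!= -1` comparison is also done on the raw value now rather than an INT-sanitized one, which is harmless only because the query below it applies intval().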
@@ -174,9 +164,7 @@ if ($_REQUEST['do'] == 'editversion')
 if ($_REQUEST['do'] == 'killproduct')
 {
- sanitize(array('productid' => INT));
-
- $allprods = $db->query("SELECT * FROM " . TABLE_PREFIX . "product WHERE productid = $vars[productid] OR componentmother = $vars[productid]");
+ $allprods = $db->query("SELECT * FROM " . TABLE_PREFIX . "product WHERE productid = " . intval($bugsys->in['productid']) . " OR componentmother = " . intval($bugsys->in['productid']));
 while ($prod = $db->fetch_array($allprods))
 {
 $list[] = $prod['productid'];
@@ -195,8 +183,7 @@ if ($_REQUEST['do'] == 'killproduct')
 if ($_REQUEST['do'] == 'deleteproduct')
 {
- sanitize(array('productid' => INT));
- $admin->page_confirm(phrase('confirm_delete_product'), 'product.php?do=killproduct&productid=' . $vars['productid']);
+ $admin->page_confirm(phrase('confirm_delete_product'), 'product.php?do=killproduct&productid=' . intval($bugsys->in['productid']));
 }
 // ###################################################################
@@ -205,7 +192,7 @@ if ($_REQUEST['do'] == 'insertproduct')
 {
 sanitize(array('shortname' => STR, 'title' => STR, 'componentmother' => INT, 'description' => STR, 'displayorder' => INT));
- if (empty($vars['shortname']) OR empty($vars['title']))
+ if (empty($bugsys->in['shortname']) OR empty($bugsys->in['title']))
 {
 $admin->error(phrase('go_back_and_fill_both_fields'));
 }
@@ -214,8 +201,8 @@ if ($_REQUEST['do'] == 'insertproduct')
 INSERT INTO " . TABLE_PREFIX . "product (shortname, title, componentmother, description, displayorder) VALUES
- ('" . addslasheslike($vars['shortname']) . "', '" . addslasheslike($vars['title']) . "',
- $vars[componentmother], '" . addslasheslike($vars['description']) . "', $vars[displayorder])"
+ ('" . $bugsys->in['shortname'] . "', '" . $bugsys->in['title'] . "',
+ " . intval($bugsys->in['componentmother']) . ", '" . $bugsys->in['description'] . "', " . intval($bugsys->in['displayorder']) . ")"
 );
 build_products();
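Review bot: The two added VALUES lines of the 'insertproduct' INSERT concatenate `$bugsys->in['shortname']`, `$bugsys->in['title']` and `$bugsys->in['description']` with no escaping, replacing three addslasheslike() calls; if $bugsys->in is raw request data (options.php in this commit escapes it explicitly, so that appears to be the case) any of those fields can terminate the string literal and inject SQL from the product form. Each should go through the escape helper, e.g. `('" . $bugsys->escape($bugsys->in['shortname']) . "', '" . $bugsys->escape($bugsys->in['title']) . "',` and the same for description. The earlier hunk in this branch still runs `sanitize(array('shortname' => STR, ...))` but the new emptiness check and the query both read $bugsys->in instead, so that call is now dead code and gives a false sense that the values were cleaned; the $db->query( opening line sits outside the hunk.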
@@ -226,12 +213,10 @@ if ($_REQUEST['do'] == 'insertproduct')
 if ($_REQUEST['do'] == 'addproduct')
 {
- sanitize(array('productid' => INT));
- $admin->page_start(phrase('add_new_product'));
 $admin->form_start('product.php', 'insertproduct');
- $admin->form_hidden_field('componentmother', $vars['productid']);
+ $admin->form_hidden_field('componentmother', intval($bugsys->in['productid']));
 $admin->table_start();
 $admin->table_head(phrase('add_product'));
 $admin->row_input(phrase('product_shortname'), 'shortname');
@@ -249,19 +234,17 @@ if ($_REQUEST['do'] == 'addproduct')
 if ($_REQUEST['do'] == 'updateproduct')
 {
- sanitize(array('productid' => INT, 'title' => STR, 'shortname' => STR, 'description' => STR, 'displayorder' => INT));
-
- if (empty($vars['shortname']) OR empty($vars['title']))
+ if (empty($bugsys->in['shortname']) OR empty($bugsys->in['title']))
 {
 $admin->error(phrase('go_back_and_fill_both_fields'));
 }
- if (empty($vars['productid']))
+ if (empty($bugsys->in['productid']))
 {
 $admin->error('-1');
 }
- $db->query("UPDATE " . TABLE_PREFIX . "product SET title = '" . addslasheslike($vars['title']) . "', shortname = '" . addslasheslike($vars['shortname']) . "', description = '" . addslasheslike($vars['description']) . "', displayorder = " . intval($bugsys->in['displayorder']) . " WHERE productid = " . intval($bugsys->in['productid']));
+ $db->query("UPDATE " . TABLE_PREFIX . "product SET title = '" . $bugsys->in['title'] . "', shortname = '" . $bugsys->in['shortname'] . "', description = '" . $bugsys->in['description'] . "', displayorder = " . intval($bugsys->in['displayorder']) . " WHERE productid = " . intval($bugsys->in['productid']));
 build_products();
 $admin->redirect('product.php?do=modify');
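Review bot: The new UPDATE in the 'updateproduct' hunk writes `$bugsys->in['title']`, `$bugsys->in['shortname']` and `$bugsys->in['description']` into the SQL string with no escaping at all, where the line it replaces had addslasheslike() on each; this is the same regression as the insert path, and with three free-text fields in one statement it is the easiest injection point in the file. Wrap each in the escape helper, e.g. `SET title = '" . $bugsys->escape($bugsys->in['title']) . "', shortname = '" . $bugsys->escape($bugsys->in['shortname']) . "', description = '" . $bugsys->escape($bugsys->in['description']) . "'`, on the assumption (consistent with the options.php hunk) that $bugsys->in is not pre-escaped. The `if (empty($bugsys->in['productid']))` guard is only partly redundant with the later intval(): it stops productid 0, but any non-numeric string still passes it and becomes 0 in the WHERE clause, so an explicit `intval(...) <= 0` test would be clearer.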
@@ -271,12 +254,9 @@ if ($_REQUEST['do'] == 'updateproduct')
 if ($_REQUEST['do'] == 'editproduct')
 {
- sanitize(array('productid' => INT));
- $admin->page_start(phrase('edit_product'));
- $product = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "product WHERE productid = $vars[productid]");
-
+ $product = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "product WHERE productid = " . intval($bugsys->in['productid']));
 if (!is_array($product))
 {
 $admin->error('-1');
diff --git a/admin/resolution.php b/admin/resolution.php
index cbe95cd..69caa2d 100755
--- a/admin/resolution.php
+++ b/admin/resolution.php
@@ -29,8 +29,7 @@ if (empty($_REQUEST['do']))
 if ($_REQUEST['do'] == 'kill')
 {
- sanitize(array('resolutionid' => INT));
- $db->query("DELETE FROM " . TABLE_PREFIX . "resolution WHERE resolutionid = $vars[resolutionid]");
+ $db->query("DELETE FROM " . TABLE_PREFIX . "resolution WHERE resolutionid = " . intval($bugsys->in['resolutionid']));
 build_resolutions();
 $admin->redirect('resolution.php?do=modify');
 }
@@ -39,16 +38,14 @@ if ($_REQUEST['do'] == 'kill')
 if ($_REQUEST['do'] == 'delete')
 {
- sanitize(array('resolutionid' => INT));
- $admin->page_confirm(phrase('confirm_delete_resolution'), 'resolution.php?do=kill&resolutionid=' . $vars['resolutionid']);
+ $admin->page_confirm(phrase('confirm_delete_resolution'), 'resolution.php?do=kill&resolutionid=' . intval($bugsys->in['resolutionid']));
 }
 // ###################################################################
 if ($_POST['do'] == 'insert')
 {
- sanitize(array('resolution' => STR, 'displayorder' => INT));
- $db->query("INSERT INTO " . TABLE_PREFIX . "resolution (resolution, displayorder) VALUES ('" . addslasheslike($vars['resolution']) . "', $vars[displayorder])");
+ $db->query("INSERT INTO " . TABLE_PREFIX . "resolution (resolution, displayorder) VALUES ('" . $bugsys->in['resolution'] . "', " . intval($bugsys->in['displayorder']) . ")");
 build_resolutions();
 $admin->redirect('resolution.php?do=modify');
 }
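Review bot: The resolution.php 'insert' hunk replaces `addslasheslike($vars['resolution'])` with a bare `$bugsys->in['resolution']` inside the quoted SQL literal, so the resolution name is no longer escaped before it reaches $db->query(); unless $bugsys->in is escaped at ingestion (the options.php hunk's explicit $bugsys->escape() calls suggest otherwise) this is a SQL injection point reachable from the admin form. The fix is `VALUES ('" . $bugsys->escape($bugsys->in['resolution']) . "', " . intval(...) . ")"`. The displayorder and resolutionid columns are correctly intval()'d throughout this file, so the string column is the only remaining gap.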
@@ -75,8 +72,7 @@ if ($_REQUEST['do'] == 'add')
 if ($_POST['do'] == 'update')
 {
- sanitize(array('resolutionid' => INT, 'resolution' => STR, 'displayorder' => INT));
- $db->query("UPDATE " . TABLE_PREFIX . "resolution SET resolution = '" . addslasheslike($vars['resolution']) . "', displayorder = $vars[displayorder] WHERE resolutionid = $vars[resolutionid]");
+ $db->query("UPDATE " . TABLE_PREFIX . "resolution SET resolution = '" . $bugsys->in['resolution'] . "', displayorder = " . intval($bugsys->in['displayorder']) . " WHERE resolutionid = " . intval($bugsys->in['resolutionid']));
 build_resolutions();
 $admin->redirect('resolution.php?do=modify');
 }
@@ -85,9 +81,7 @@ if ($_POST['do'] == 'update')
 if ($_REQUEST['do'] == 'edit')
 {
- sanitize(array('resolutionid' => INT));
-
- $resolution = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "resolution WHERE resolutionid = $vars[resolutionid]");
+ $resolution = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "resolution WHERE resolutionid = " . intval($bugsys->in['resolutionid']));
 if (!is_array($resolution))
 {
 $admin->error('-1');
diff --git a/admin/severity.php b/admin/severity.php
index 2c6776e..64e9d28 100755
--- a/admin/severity.php
+++ b/admin/severity.php
@@ -29,8 +29,7 @@ if (empty($_REQUEST['do']))
 if ($_REQUEST['do'] == 'kill')
 {
- sanitize(array('severityid' => INT));
- $db->query("DELETE FROM " . TABLE_PREFIX . "severity WHERE severityid = $vars[severityid]");
+ $db->query("DELETE FROM " . TABLE_PREFIX . "severity WHERE severityid = " . intval($bugsys->in['serverityid']));
 build_severities();
 $admin->redirect('severity.php?do=modify');
 }
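Review bot: The resolution.php 'update' hunk has the same unescaped string concatenation as the insert branch: `SET resolution = '" . $bugsys->in['resolution'] . "'` replaces an addslasheslike() call with raw input, so a quote in the resolution name breaks out of the literal. If $bugsys->in is not escaped on the way in, which the options.php hunk's use of $bugsys->escape() suggests, change it to `SET resolution = '" . $bugsys->escape($bugsys->in['resolution']) . "'`. The removed sanitize() also declared displayorder and resolutionid as INT; the new intval() calls cover that, so only the STR field lost its protection.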
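Review bot: The new DELETE in the severity.php 'kill' hunk reads `$bugsys->in['serverityid']` (note the extra "r"), while the confirmation link built in the 'delete' branch sends `severityid`; the misspelt key is absent, intval(null) is 0, and the query silently becomes `DELETE ... WHERE severityid = 0`, so deleting a severity never removes the requested row (and would remove a row with id 0 if one existed). Change it to `intval($bugsys->in['severityid'])`. It would also be safer to refuse the delete when the id resolves to 0, e.g. `if (intval($bugsys->in['severityid']) <= 0) { $admin->error('-1'); }` before the query, so a missing or malformed parameter cannot turn into a statement that matches nothing or the wrong row.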
@@ -39,16 +38,14 @@ if ($_REQUEST['do'] == 'kill')
 if ($_REQUEST['do'] == 'delete')
 {
- sanitize(array('severityid' => INT));
- $admin->page_confirm(phrase('confirm_delete_severity'), 'severity.php?do=kill&severityid=' . $vars['severityid']);
+ $admin->page_confirm(phrase('confirm_delete_severity'), 'severity.php?do=kill&severityid=' . intval($bugsys->in['severityid']));
 }
 // ###################################################################
 if ($_POST['do'] == 'insert')
 {
- sanitize(array('severity' => STR, 'displayorder' => INT));
- $db->query("INSERT INTO " . TABLE_PREFIX . "severity (severity, displayorder) VALUES ('" . addslasheslike($vars['severity']) . "', $vars[displayorder])");
+ $db->query("INSERT INTO " . TABLE_PREFIX . "severity (severity, displayorder) VALUES ('" . $bugsys->in['severity'] . "', " . intval($bugsys->in['displayorder']) . ")");
 build_severities();
 $admin->redirect('severity.php?do=modify');
 }
@@ -76,7 +73,7 @@ if ($_REQUEST['do'] == 'add')
 if ($_POST['do'] == 'update')
 {
 sanitize(array('severityid' => INT, 'severity' => STR, 'displayorder' => INT));
- $db->query("UPDATE " . TABLE_PREFIX . "severity SET severity = '" . addslasheslike($vars['severity']) . "', displayorder = $vars[displayorder] WHERE severityid = $vars[severityid]");
+ $db->query("UPDATE " . TABLE_PREFIX . "severity SET severity = '" . $bugsys->in['severity'] . "', displayorder = " . intval($bugsys->in['displayorder']) . " WHERE severityid = " . intval($bugsys->in['severityid']));
 build_severities();
 $admin->redirect('severity.php?do=modify');
 }
@@ -85,9 +82,7 @@ if ($_POST['do'] == 'update')
 if ($_REQUEST['do'] == 'edit')
 {
- sanitize(array('severityid' => INT));
-
- $severity = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "severity WHERE severityid = $vars[severityid]");
+ $severity = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "severity WHERE severityid = " . intval($bugsys->in['severityid']));
 if (!is_array($severity))
 {
 $admin->error('-1');
--
2.22.5
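Review bot: In the severity.php 'insert' and 'update' hunks the severity name is now concatenated as a bare `$bugsys->in['severity']` inside the quoted SQL literal, with the addslasheslike() of the removed lines gone and no replacement escaping; given that the options.php hunk in this commit still escapes explicitly with $bugsys->escape(), the input array appears to be raw, which makes both statements injectable from the admin form. Use `'" . $bugsys->escape($bugsys->in['severity']) . "'` in both queries. The 'update' hunk keeps `sanitize(array('severityid' => INT, 'severity' => STR, 'displayorder' => INT));` as context but the new query line reads only $bugsys->in, so that call no longer affects anything the statement uses and should be removed to avoid implying the value was cleaned.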