From a86cef5941ef751626f6043c61b4a2fbc7b5abde Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Wed, 4 May 2005 23:14:21 +0000 Subject: [PATCH] r75: Fixed some remnants of the $vars[] sanitize methods. --- admin/product.php | 2 +- editcomment.php | 4 ++-- editreport.php | 2 +- newcomment.php | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/admin/product.php b/admin/product.php index 21a7981..08c5b5b 100755 --- a/admin/product.php +++ b/admin/product.php @@ -108,7 +108,7 @@ if ($_REQUEST['do'] == 'addversion') } $admin->form_start('product.php', 'insertversion'); - $admin->form_hidden_field('productid', $vars['productid']); + $admin->form_hidden_field('productid', intval($bugsys->in['productid'])); $admin->table_start(); $admin->table_head(phrase('add_new_version')); $admin->row_input(phrase('version_title'), 'version'); diff --git a/editcomment.php b/editcomment.php index f06c9fb..e42cd47 100644 --- a/editcomment.php +++ b/editcomment.php @@ -74,14 +74,14 @@ if ($_POST['do'] == 'update') if (!$bugsys->options['allowhtml']) { - $vars['comment_parsed'] = $bugsys->sanitize($bugsys->in['comment_parsed']); + $bugsys->in['comment_parsed'] = $bugsys->sanitize($bugsys->in['comment_parsed']); } $db->query(" UPDATE " . TABLE_PREFIX . "comment SET comment = '" . $bugsys->in['comment'] . "', comment_parsed = '" . nl2br($bugsys->in['comment_parsed']) . "' - WHERE commentid = $vars[commentid]" + WHERE commentid = $comment[commentid]" ); echo "comment saved"; diff --git a/editreport.php b/editreport.php index 1c2f5ec..5ff6545 100644 --- a/editreport.php +++ b/editreport.php @@ -89,7 +89,7 @@ if ($_POST['do'] == 'update') WHERE bugid = $bug[bugid]" ); - if ($vars['changeproduct']) + if ($bugsys->in['changeproduct']) { $_REQUEST['do'] = 'editproduct'; } diff --git a/newcomment.php b/newcomment.php index 9f3e4ea..ae198fa 100644 --- a/newcomment.php +++ b/newcomment.php @@ -37,7 +37,7 @@ if ($_POST['do'] == 'insert') if (!$bugsys->options['allowhtml']) { - $vars['comment_parsed'] = $bugsys->sanitize($bugsys->in['comment_parsed']); + $bugsys->in['comment_parsed'] = $bugsys->sanitize($bugsys->in['comment_parsed']); } $time = time(); @@ -46,7 +46,7 @@ if ($_POST['do'] == 'insert') INSERT INTO " . TABLE_PREFIX . "comment (bugid, userid, dateline, comment, comment_parsed) VALUES - ($vars[bugid], " . $bugsys->userinfo['userid'] . ", + (" . intval($bugsys->in['bugid']) . ", " . $bugsys->userinfo['userid'] . ", $time, '" . $bugsys->in['comment'] . "', '" . nl2br($bugsys->in['comment_parsed']) . "' )" -- 2.43.5