From c580f8b5d99d3ec63eb0885e24e800eb7a50d4db Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Wed, 27 Jun 2007 08:10:21 +0000 Subject: [PATCH] r1560: In vote.php, we sanitize the vote value as UINT when it should be INT to allow users to vote against bugs. Closes bug://report/84 --- docs/changes.txt | 1 + vote.php | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/changes.txt b/docs/changes.txt index c0a5c46..2c3ba15 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -2,6 +2,7 @@ =============================== - Fixed: In userctrl_search.tpl, the floated elements need to be before unfloated ones otherwise Gecko engine offsets it by a line - Fixed: Closed a SQL injection vector in register.php +- Fixed: Users could not vote against a bug due to too tight sanitization (bug://report/84) 1.2.0 Release Candidate 1 =============================== diff --git a/vote.php b/vote.php index 3955e46..2c9e0fe 100644 --- a/vote.php +++ b/vote.php @@ -73,7 +73,7 @@ if ($_REQUEST['do'] == 'vote') } } - $uservote = $bugsys->input_clean('vote', TYPE_UINT); + $uservote = $bugsys->input_clean('vote', TYPE_INT); $votefor = $vote['votefor']; $voteagainst = $vote['voteagainst']; -- 2.43.5