From db043c4be440293f0a9485a8d291d644b9c5582c Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Sat, 21 Oct 2006 18:48:44 +0000 Subject: [PATCH] r1269: We were a little overzealous in our security checking last time and we added some cleaning calls that broke search... --- docs/changes.txt | 1 + search.php | 10 +++++----- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/docs/changes.txt b/docs/changes.txt index 3341ef0..0c8d7ac 100644 --- a/docs/changes.txt +++ b/docs/changes.txt @@ -2,6 +2,7 @@ =============================== - Time zones with half-hours are not saved because the field only allows INTs (http://www.bluestatic.org/bugs/showreport.php?bugid=38) - Fixed a SQL error received upon deleting a resolution (http://www.bluestatic.org/bugs/showreport.php?bugid=40) +- When searching and selecting multiple items for a field, only the first one is used in the search (http://www.bluestatic.org/bugs/showreport.php?bugid=39) 1.1.3 =============================== diff --git a/search.php b/search.php index dc9df7e..1b9dd82 100644 --- a/search.php +++ b/search.php @@ -138,35 +138,35 @@ if ($_REQUEST['do'] == 'process') if ($bugsys->in['severity']) { $bugsys->input_clean('severity', TYPE_UINT); - $querybuild['severity'] = "AND bug.severity IN (" . $bugsys->clean(implode(',', $bugsys->in['severity']), TYPE_UINT) . ")"; + $querybuild['severity'] = "AND bug.severity IN (" . implode(',', $bugsys->in['severity']) . ")"; } // priority if ($bugsys->in['priority']) { $bugsys->input_clean('priority', TYPE_UINT); - $querybuild['priority'] = "AND bug.priority IN (" . $bugsys->clean(implode(',', $bugsys->in['priority']), TYPE_UINT) . ")"; + $querybuild['priority'] = "AND bug.priority IN (" . implode(',', $bugsys->in['priority']) . ")"; } // status if ($bugsys->in['status']) { $bugsys->input_clean('status', TYPE_UINT); - $querybuild['status'] = "AND bug.status IN (" . $bugsys->clean(implode(',', $bugsys->in['status']), TYPE_UINT) . ")"; + $querybuild['status'] = "AND bug.status IN (" . implode(',', $bugsys->in['status']) . ")"; } // resolution if ($bugsys->in['resolution']) { $bugsys->input_clean('resolution', TYPE_UINT); - $querybuild['resolution'] = "AND bug.resolution IN (" . $bugsys->clean(implode(',', $bugsys->in['resolution']), TYPE_UINT) . ")"; + $querybuild['resolution'] = "AND bug.resolution IN (" . implode(',', $bugsys->in['resolution']) . ")"; } // assignment if ($bugsys->in['assignedto']) { $bugsys->input_clean('assignedto', TYPE_UINT); - $querybuild['assignedto'] = "AND bug.assignedto IN (" . $bugsys->clean(implode(',', $bugsys->in['assignedto']), TYPE_UINT) . ")"; + $querybuild['assignedto'] = "AND bug.assignedto IN (" . implode(',', $bugsys->in['assignedto']) . ")"; } // ------------------------------------------------------------------- -- 2.43.5