From 8c04c1d6f86b1b098d05c7a0d8564581c2792104 Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Sun, 16 Jul 2006 05:10:34 +0000 Subject: [PATCH] r887: Removing all the annoying calls to intval() in place of ISSO's cleaning framework --- admin/autoaction.php | 8 ++++---- admin/field.php | 45 ++++++++++++++++++++++++++---------------- admin/language.php | 21 ++++++++++---------- admin/permission.php | 32 +++++++++++++++++++----------- admin/priority.php | 10 +++++----- admin/product.php | 31 ++++++++++++++++------------- admin/resolution.php | 10 +++++----- admin/severity.php | 10 +++++----- admin/status.php | 10 +++++----- admin/user.php | 31 +++++++++++++++-------------- admin/usergroup.php | 27 +++++++++++++++---------- attachment.php | 4 ++-- editreport.php | 2 +- favourite.php | 13 ++++++------ includes/functions.php | 2 +- includes/init.php | 2 +- install/global.php | 2 +- login.php | 2 +- newreport.php | 7 ++++--- register.php | 9 +++++---- search.php | 2 +- showhistory.php | 2 +- showreport.php | 4 ++-- viewattachment.php | 2 +- vote.php | 4 ++-- 25 files changed, 163 insertions(+), 129 deletions(-) diff --git a/admin/autoaction.php b/admin/autoaction.php index b2f9ca5..ae7ac4d 100644 --- a/admin/autoaction.php +++ b/admin/autoaction.php @@ -38,7 +38,7 @@ if (empty($_REQUEST['do'])) if ($_REQUEST['do'] == 'kill') { - $action = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "autoaction WHERE actionid = " . intval($bugsys->in['actionid'])); + $action = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "autoaction WHERE actionid = " . $bugsys->input_clean('actionid', TYPE_UINT)); if (!$action) { $admin->error($lang->getlex('error_invalid_id')); 
@@ -55,7 +55,7 @@ if ($_REQUEST['do'] == 'kill') if ($_REQUEST['do'] == 'delete') { - $action = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "autoaction WHERE actionid = " . intval($bugsys->in['actionid'])); + $action = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "autoaction WHERE actionid = " . $bugsys->input_clean('actionid', TYPE_UINT)); if (!$action) { $admin->error($lang->getlex('error_invalid_id')); @@ -122,7 +122,7 @@ if ($_POST['do'] == 'insert' OR $_POST['do'] == 'update') description = '" . $bugsys->in['description'] . "', fieldchanges = '" . $bugsys->escape(serialize($deltas)) . "', comment = '" . $bugsys->in['comment'] . "' - WHERE actionid = " . intval($bugsys->in['actionid']) + WHERE actionid = " . $bugsys->input_clean('actionid', TYPE_UINT)) ); build_auto_actions(); @@ -140,7 +140,7 @@ if ($_REQUEST['do'] == 'add' OR $_REQUEST['do'] == 'edit') if ($edit) { - $action = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "autoaction WHERE actionid = " . intval($bugsys->in['actionid'])); + $action = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "autoaction WHERE actionid = " . $bugsys->input_clean('actionid', TYPE_UINT)); if (!$action) { $admin->error($lang->getlex('error_invalid_id')); diff --git a/admin/field.php b/admin/field.php index 7012dc1..f9b2f5a 100644 --- a/admin/field.php +++ b/admin/field.php @@ -44,7 +44,7 @@ if (empty($_REQUEST['do'])) if ($_REQUEST['do'] == 'kill') { - $field = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bugfield WHERE fieldid = " . intval($bugsys->in['fieldid'])); + $field = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bugfield WHERE fieldid = " . $bugsys->input_clean('fieldid', TYPE_UINT)); if (!$field) { $admin->error($lang->getlex('error_invalid_id')); 
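Review bot: The new `WHERE actionid = " . $bugsys->input_clean('actionid', TYPE_UINT))` line in the `@@ -122` hunk of admin/autoaction.php has one closing parenthesis too many: the replaced `intval(...)` line ended with a single `)`, and the unchanged context line `);` that follows still closes the `$db->query(` call, so the file no longer parses. Change it to `WHERE actionid = " . $bugsys->input_clean('actionid', TYPE_UINT)`. The enclosing `if ($_POST['do'] == 'insert' OR $_POST['do'] == 'update')` block starts before the hunk.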
@@ -64,7 +64,7 @@ if ($_REQUEST['do'] == 'kill') if ($_REQUEST['do'] == 'delete') { - $field = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bugfield WHERE fieldid = " . intval($bugsys->in['fieldid'])); + $field = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bugfield WHERE fieldid = " . $bugsys->input_clean('fieldid', TYPE_UINT)); if (!$field) { $admin->error($lang->getlex('error_invalid_id')); @@ -84,7 +84,7 @@ if ($_REQUEST['do'] == 'update') if ($bugsys->in['fieldid']) { - $field = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bugfield WHERE fieldid = " . intval($bugsys->in['fieldid'])); + $field = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bugfield WHERE fieldid = " . $bugsys->input_clean('fieldid', TYPE_UINT)); if (!$field) { $admin->error($lang->getlex('error_invalid_id')); 
@@ -104,18 +104,26 @@ if ($_REQUEST['do'] == 'update') $admin->error($lang->string('Invalid field type specified.')); } + $bugsys->input_clean_array(array( + 'maxlength' => TYPE_UINT, + 'usedefault' => TYPE_UINT, + 'required' => TYPE_UINT, + 'cansearch' => TYPE_UINT, + 'fieldid' => TYPE_UINT + )); + switch ($type) { case 'input_text': $extrafields = 'defaultvalue, regexmatch, maxlength'; - $extradata = "'" . $bugsys->in['defaultvalue'] . "', '" . $bugsys->in['regexmatch'] . "', " . intval($bugsys->in['maxlength']); - $extraupdate = "defaultvalue = '" . $bugsys->in['defaultvalue'] . "', regexmatch = '" . $bugsys->in['regexmatch'] . "', maxlength = " . intval($bugsys->in['maxlength']); + $extradata = "'" . $bugsys->in['defaultvalue'] . "', '" . $bugsys->in['regexmatch'] . "', " . $bugsys->in['maxlength']; + $extraupdate = "defaultvalue = '" . $bugsys->in['defaultvalue'] . "', regexmatch = '" . $bugsys->in['regexmatch'] . "', maxlength = " . $bugsys->in['maxlength']; break; case 'input_checkbox': $extrafields = 'defaultvalue'; - $extradata = intval($bugsys->in['defaultvalue']); - $extraupdate = "defaultvalue = " . intval($bugsys->in['defaultvalue']); + $extradata = $bugsys->input_clean('defaultvalue', TYPE_UINT); + $extraupdate = "defaultvalue = " . $bugsys->in['defaultvalue']; break; case 'select_single': @@ -130,8 +138,8 @@ if ($_REQUEST['do'] == 'update') $admin->error($lang->string('You need to specify some select values.')); } - $extradata = "'" . $bugsys->escape(serialize($selects)) . "', " . intval($bugsys->in['usedefault']); - $extraupdate = "selects = '" . $bugsys->escape(serialize($selects)) . "', usedefault = " . intval($bugsys->in['usedefault']); + $extradata = "'" . $bugsys->escape(serialize($selects)) . "', " . $bugsys->in['usedefault']; + $extraupdate = "selects = '" . $bugsys->escape(serialize($selects)) . "', usedefault = " . $bugsys->in['usedefault']; break; } 
@@ -142,8 +150,8 @@ if ($_REQUEST['do'] == 'update') (name, description, type, required, cansearch, $extrafields) VALUES ('" . $bugsys->in['name'] . "', - '" . $bugsys->in['description'] . "', '$type', " . intval($bugsys->in['required']) . ", - " . intval($bugsys->in['cansearch']) . ", $extradata + '" . $bugsys->in['description'] . "', '$type', " . $bugsys->input_clean('required', TYPE_UINT) . ", + " . $bugsys->input_clean('cansearch', TYPE_UINT) . ", $extradata )" ); @@ -158,18 +166,19 @@ if ($_REQUEST['do'] == 'update') UPDATE " . TABLE_PREFIX . "bugfield SET name = '" . $bugsys->in['name'] . "', description = '" . $bugsys->in['description'] . "', - required = " . intval($bugsys->in['required']) . ", - cansearch = " . intval($bugsys->in['cansearch']) . ", + required = " . $bugsys->in['required']) . ", + cansearch = " . $bugsys->in['cansearch']) . ", $extraupdate - WHERE fieldid = " . intval($bugsys->in['fieldid']) + WHERE fieldid = " . $bugsys->in['fieldid'] ); - $fieldid = intval($bugsys->in['fieldid']); + $fieldid = $bugsys->in['fieldid']; } + $bugsys->input_clean('custom', TYPE_UINT); foreach ($bugsys->in['custom'] AS $usergroupid => $mask) { - $values[] = intval($usergroupid) . ", $fieldid, " . intval($mask); + $values[] = $bugsys->clean($usergroupid, TYPE_UINT) . ", $fieldid, " . $mask; } $db->query(" @@ -188,6 +197,8 @@ if ($_REQUEST['do'] == 'update') if ($_REQUEST['do'] == 'add' OR $_REQUEST['do'] == 'edit') { + $bugsys->input_clean('fieldid', TYPE_UINT); + $add = (($_REQUEST['do'] == 'add') ? true : false); $typeselect = (($add AND empty($bugsys->in['step'])) ? true : false); $edit = (($add) ? false : true); 
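Review bot: In the `@@ -158` hunk of admin/field.php the two new lines `required = " . $bugsys->in['required']) . ",` and `cansearch = " . $bugsys->in['cansearch']) . ",` keep the `)` that used to close `intval(`; with nothing left to close, each is a parse error. They should read `required = " . $bugsys->in['required'] . ",` and `cansearch = " . $bugsys->in['cansearch'] . ",`. These raw reads are only safe because `input_clean_array(...)` earlier in the same `update` branch (the `@@ -104` hunk) already coerced them to TYPE_UINT, while the INSERT in the `@@ -142` hunk calls `input_clean('required', TYPE_UINT)` a second time — the two statements should use one form. The new `$bugsys->input_clean('custom', TYPE_UINT)` is applied to an array whose `$mask` values are then interpolated unquoted, so it relies on the cleaner recursing into array elements; that is not visible here and deserves a comment such as `// custom[] values coerced to UINT above; keys cleaned per iteration` once confirmed.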
@@ -212,7 +223,7 @@ if ($_REQUEST['do'] == 'add' OR $_REQUEST['do'] == 'edit') if ($edit) { - $field = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bugfield WHERE fieldid = " . intval($bugsys->in['fieldid'])); + $field = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bugfield WHERE fieldid = " . $bugsys->in['fieldid']); if (!$field) { $admin->error($lang->getlex('error_invalid_id')); diff --git a/admin/language.php b/admin/language.php index 147200c..c5bd021 100644 --- a/admin/language.php +++ b/admin/language.php @@ -41,19 +41,20 @@ if (empty($_REQUEST['do'])) if ($_REQUEST['do'] == 'kill') { + $bugsys->input_clean('languageid', TYPE_UINT); $count = $db->query_first("SELECT COUNT(*) AS count FROM " . TABLE_PREFIX . "language"); if ($count['count'] < 2) { $admin->error($lang->string('At least one language needs to be present. Deleting this language would violate that.')); } - if ($bugsys->options['defaultlanguage'] == intval($bugsys->in['languageid'])) + if ($bugsys->options['defaultlanguage'] == $bugsys->in['languageid']) { $admin->error($lang->string('You cannot delete the default language. Please select another language to be the default language and then delete this one.')); } - $db->query("DELETE FROM " . TABLE_PREFIX . "language WHERE languageid = " . intval($bugsys->in['languageid'])); - $db->query("DELETE FROM " . TABLE_PREFIX . "localization WHERE languageid = " . intval($bugsys->in['languageid'])); + $db->query("DELETE FROM " . TABLE_PREFIX . "language WHERE languageid = " . $bugsys->in['languageid']); + $db->query("DELETE FROM " . TABLE_PREFIX . "localization WHERE languageid = " . $bugsys->in['languageid']); build_languages(); $admin->redirect('language.php?do=modify'); } 
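Review bot: The new `WHERE fieldid = " . $bugsys->in['fieldid']` in the `@@ -212` hunk of admin/field.php interpolates the value with no visible coercion; it is safe only because `$bugsys->input_clean('fieldid', TYPE_UINT)` runs at the top of the same `add`/`edit` branch (the `@@ -188` hunk), which a reader of this query cannot see. A one-line comment above the query, `// fieldid already cleaned to TYPE_UINT at the top of this branch`, would keep a later edit from treating it as unsanitised or re-ordering the two. The enclosing `if ($edit)` block continues past the hunk.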
@@ -62,7 +63,7 @@ if ($_REQUEST['do'] == 'kill') if ($_REQUEST['do'] == 'delete') { - $admin->page_confirm($lang->string('Are you sure you want to delete this language?'), 'language.php?do=kill&languageid=' . intval($bugsys->in['languageid'])); + $admin->page_confirm($lang->string('Are you sure you want to delete this language?'), 'language.php?do=kill&languageid=' . $bugsys->input_clean('languageid', TYPE_UINT)); } // ################################################################### @@ -74,8 +75,8 @@ if ($_POST['do'] == 'insert') (title, charset, direction, userselect, debug, filename) VALUES ('" . $bugsys->in['title'] . "', '" . $bugsys->in['charset'] . "', - '" . $bugsys->in['direction'] . "', " . intval($bugsys->in['userselect']) . ", - " . intval($bugsys->in['debug']) . ", '" . $bugsys->in['filename'] . "' + '" . $bugsys->in['direction'] . "', " . $bugsys->input_clean('userselect', TYPE_UINT) . ", + " . $bugsys->input_clean('debug', TYPE_UINT) . ", '" . $bugsys->in['filename'] . "' )" ); @@ -124,10 +125,10 @@ if ($_POST['do'] == 'update') SET title = '" . $bugsys->in['title'] . "', charset = '" . $bugsys->in['charset'] . "', direction = '" . $bugsys->in['direction'] . "', - userselect = " . intval($bugsys->in['userselect']) . ", - debug = " . intval($bugsys->in['langdebug']) . ", + userselect = " . $bugsys->input_clean('userselect', TYPE_UINT) . ", + debug = " . $bugsys->input_clean('langdebug', TYPE_UINT) . ", filename = '" . $bugsys->in['filename'] . "' - WHERE languageid = " . intval($bugsys->in['languageid']) + WHERE languageid = " . $bugsys->input_clean('languageid', TYPE_UINT) ); build_languages(); 
@@ -178,7 +179,7 @@ if ($_REQUEST['do'] == 'edit') if ($_REQUEST['do'] == 'reload') { - $language = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "language WHERE languageid = " . intval($bugsys->in['languageid'])); + $language = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "language WHERE languageid = " . $bugsys->input_clean('languageid', TYPE_UINT)); if (!$language) { $admin->error($lang->getlex('error_invalid_id')); diff --git a/admin/permission.php b/admin/permission.php index 78cbb5d..e830a85 100755 --- a/admin/permission.php +++ b/admin/permission.php 
@@ -67,27 +67,32 @@ if (empty($_REQUEST['do'])) if ($_REQUEST['do'] == 'kill') { - $db->query("DELETE FROM " . TABLE_PREFIX . "permission WHERE usergroupid = " . intval($bugsys->in['usergroupid']) . " AND productid = " . intval($bugsys->in['productid'])); + $bugsys->input_clean('usergroupid', TYPE_UINT); + $db->query("DELETE FROM " . TABLE_PREFIX . "permission WHERE usergroupid = " . $bugsys->in['usergroupid'] . " AND productid = " . $bugsys->input_clean('productid', TYPE_UINT)); build_permissions(); - $admin->redirect('permission.php?do=modify&usergroupid=' . intval($bugsys->in['usergroupid'])); + $admin->redirect('permission.php?do=modify&usergroupid=' . $bugsys->in['usergroupid']); } // ################################################################### if ($_REQUEST['do'] == 'delete') { - $admin->page_confirm($lang->string('Are you sure you want to revert this permission mask?'), 'permission.php?do=kill&usergroupid=' . intval($bugsys->in['usergroupid']) . '&productid=' . intval($bugsys->in['productid'])); + $admin->page_confirm($lang->string('Are you sure you want to revert this permission mask?'), 'permission.php?do=kill&usergroupid=' . $bugsys->input_clean('usergroupid', TYPE_UINT) . '&productid=' . $bugsys->input_clean('productid', TYPE_UINT)); } // ################################################################### if ($_REQUEST['do'] == 'edit') { - $perm = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "permission WHERE usergroupid = " . intval($bugsys->in['usergroupid']) . " AND productid = " . intval($bugsys->in['productid'])); - $usergroup = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "usergroup WHERE usergroupid = " . intval($bugsys->in['usergroupid'])); - $product = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "product WHERE productid = " . intval($bugsys->in['productid'])); + $bugsys->input_clean_array(array( + 'usergroupid' => TYPE_UINT, + 'productid' => TYPE_UINT + )); + $perm = $db->query_first("SELECT * FROM " . TABLE_PREFIX . 
"permission WHERE usergroupid = " . $bugsys->in['usergroupid'] . " AND productid = " . $bugsys->in['productid']); + $usergroup = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "usergroup WHERE usergroupid = " . $bugsys->in['usergroupid']); + $product = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "product WHERE productid = " . $bugsys->in['productid']); if (!$usergroup OR !$product) { @@ -133,7 +138,12 @@ if ($_REQUEST['do'] == 'edit') if ($_POST['do'] == 'update') { - foreach ($_POST['perm'] AS $permtitle => $binaryswitch) + $bugsys->input_clean_array(array( + 'perm' => TYPE_UINT, + 'usergroupid' => TYPE_UINT, + 'productid' => TYPE_UINT + )); + foreach ($bugsys->in['perm'] AS $permtitle => $binaryswitch) { $permissionvalue += $_PERMISSION["$permtitle"] * $binaryswitch; } @@ -142,17 +152,15 @@ if ($_POST['do'] == 'update') REPLACE INTO " . TABLE_PREFIX . "permission (usergroupid, productid, mask) VALUES - (" . intval($bugsys->in['usergroupid']) . ", - " . intval($bugsys->in['productid']) . ", + (" . $bugsys->in['usergroupid'] . ", + " . $bugsys->in['productid'] . ", $permissionvalue )" ); build_permissions(); - $ugroupid = intval($bugsys->in['usergroupid']); - - $admin->redirect('permission.php?do=modify&usergroupid=' . $ugroupid); + $admin->redirect('permission.php?do=modify&usergroupid=' . $bugsys->in['usergroupid']); } // ################################################################### diff --git a/admin/priority.php b/admin/priority.php index 2e9de93..3bab50a 100755 --- a/admin/priority.php +++ b/admin/priority.php @@ -38,7 +38,7 @@ if (empty($_REQUEST['do'])) if ($_REQUEST['do'] == 'kill') { - $db->query("DELETE FROM " . TABLE_PREFIX . "priority WHERE priorityid = " . intval($bugsys->in['priorityid'])); + $db->query("DELETE FROM " . TABLE_PREFIX . "priority WHERE priorityid = " . $bugsys->input_clean('priorityid', TYPE_UINT)); build_priorities(); $admin->redirect('priority.php?do=modify'); } 
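Review bot: The rewritten loop `foreach ($bugsys->in['perm'] AS $permtitle => $binaryswitch)` in the `@@ -133` hunk of admin/permission.php still indexes `$_PERMISSION["$permtitle"]` with a key taken directly from the request, and `input_clean_array(...)` coerces values, not keys, so an unknown key produces an undefined-index notice and a `null * $binaryswitch` term; `$permissionvalue` is also never initialised before `+=`. Suggest `$permissionvalue = 0;` before the loop and `if (!isset($_PERMISSION[$permtitle])) { continue; }` as its first statement. Whether `TYPE_UINT` is applied to every element of the `perm` array depends on how ISSO's cleaner treats arrays, which is not shown here — worth confirming, since each `$binaryswitch` feeds the mask written by the `REPLACE INTO` in the `@@ -142` hunk.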
@@ -47,14 +47,14 @@ if ($_REQUEST['do'] == 'kill') if ($_REQUEST['do'] == 'delete') { - $admin->page_confirm($lang->string('Are you sure you want to delete this priority? Doing so will revert all bugs to the default priority (which is set in the options panel)?'), 'priority.php?do=kill&priorityid=' . intval($bugsys->in['priorityid'])); + $admin->page_confirm($lang->string('Are you sure you want to delete this priority? Doing so will revert all bugs to the default priority (which is set in the options panel)?'), 'priority.php?do=kill&priorityid=' . $bugsys->input_clean('priorityid', TYPE_UINT)); } // ################################################################### if ($_POST['do'] == 'insert') { - $db->query("INSERT INTO " . TABLE_PREFIX . "priority (priority, displayorder) VALUES ('" . $bugsys->in['priority'] . "'," . intval($bugsys->in['displayorder']) . ")"); + $db->query("INSERT INTO " . TABLE_PREFIX . "priority (priority, displayorder) VALUES ('" . $bugsys->in['priority'] . "'," . $bugsys->input_clean('displayorder', TYPE_UINT) . ")"); build_priorities(); $admin->redirect('priority.php?do=modify'); } @@ -81,7 +81,7 @@ if ($_REQUEST['do'] == 'add') if ($_POST['do'] == 'update') { - $db->query("UPDATE " . TABLE_PREFIX . "priority SET priority = '" . $bugsys->in['priority'] . "', displayorder = " . intval($bugsys->in['displayorder']) . " WHERE priorityid = " . intval($bugsys->in['priorityid'])); + $db->query("UPDATE " . TABLE_PREFIX . "priority SET priority = '" . $bugsys->in['priority'] . "', displayorder = " . $bugsys->input_clean('displayorder', TYPE_UINT) . " WHERE priorityid = " . $bugsys->input_clean('priorityid', TYPE_UINT)); build_priorities(); $admin->redirect('priority.php?do=modify'); } 
@@ -90,7 +90,7 @@ if ($_POST['do'] == 'update') if ($_REQUEST['do'] == 'edit') { - $priority = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "priority WHERE priorityid = " . intval($bugsys->in['priorityid'])); + $priority = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "priority WHERE priorityid = " . $bugsys->input_clean('priorityid', TYPE_UINT)); if (!is_array($priority)) { $admin->error($lang->getlex('error_invalid_id')); diff --git a/admin/product.php b/admin/product.php index 5d7a860..82f9052 100755 --- a/admin/product.php +++ b/admin/product.php @@ -79,8 +79,9 @@ if (empty($_REQUEST['do'])) if ($_REQUEST['do'] == 'killversion') { - $db->query("DELETE FROM " . TABLE_PREFIX . "version WHERE versionid = " . intval($bugsys->in['versionid'])); - $db->query("DELETE FROM " . TABLE_PREFIX . "bug WHERE versionid = " . intval($bugsys->in['versionid'])); + $bugsys->input_clean('versionid', TYPE_UINT); + $db->query("DELETE FROM " . TABLE_PREFIX . "version WHERE versionid = " . $bugsys->in['versionid']); + $db->query("DELETE FROM " . TABLE_PREFIX . "bug WHERE versionid = " . $bugsys->in['versionid']); build_versions(); 
@@ -91,14 +92,14 @@ if ($_REQUEST['do'] == 'killversion') if ($_REQUEST['do'] == 'deleteversion') { - $admin->page_confirm($lang->string('Are you sure you want to delete this version? Doing so will do delete all the bugs with this version.'), 'product.php?do=killversion&versionid=' . intval($bugsys->in['versionid'])); + $admin->page_confirm($lang->string('Are you sure you want to delete this version? Doing so will do delete all the bugs with this version.'), 'product.php?do=killversion&versionid=' . $bugsys->input_clean('versionid', TYPE_UINT)); } // ################################################################### if ($_REQUEST['do'] == 'insertversion') { - $db->query("INSERT INTO " . TABLE_PREFIX . "version (productid, version, displayorder) VALUES (" . intval($bugsys->in['productid']) . ", '" . $bugsys->in['version'] . "', " . intval($bugsys->in['displayorder']) . ")"); + $db->query("INSERT INTO " . TABLE_PREFIX . "version (productid, version, displayorder) VALUES (" . $bugsys->input_clean('productid', TYPE_UINT) . ", '" . $bugsys->in['version'] . "', " . $bugsys->input_clean('displayorder', TYPE_UINT) . ")"); build_versions(); $admin->redirect('product.php?do=modify'); } @@ -147,7 +148,7 @@ if ($_REQUEST['do'] == 'updateversion') $admin->error($lang->string('Please fill in a version number.')); } - $db->query("UPDATE " . TABLE_PREFIX . "version SET version = '" . $bugsys->in['version'] . "', displayorder = " . intval($bugsys->in['displayorder']) . " WHERE versionid = " . intval($bugsys->in['versionid'])); + $db->query("UPDATE " . TABLE_PREFIX . "version SET version = '" . $bugsys->in['version'] . "', displayorder = " . $bugsys->input_clean('displayorder', TYPE_UINT) . " WHERE versionid = " . $bugsys->input_clean('versionid', TYPE_UINT)); build_versions(); $admin->redirect('product.php?do=modify'); 
@@ -159,7 +160,7 @@ if ($_REQUEST['do'] == 'editversion') { $admin->page_start($lang->string('Edit Version')); - $version = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "version WHERE versionid = " . intval($bugsys->in['versionid'])); + $version = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "version WHERE versionid = " . $bugsys->input_clean('versionid', TYPE_UINT)); if (!is_array($version)) { $admin->error($lang->getlex('error_invalid_id')); @@ -182,7 +183,8 @@ if ($_REQUEST['do'] == 'editversion') if ($_REQUEST['do'] == 'killproduct') { - $allprods = $db->query("SELECT * FROM " . TABLE_PREFIX . "product WHERE productid = " . intval($bugsys->in['productid']) . " OR componentmother = " . intval($bugsys->in['productid'])); + $bugsys->input_clean('productid', TYPE_UINT); + $allprods = $db->query("SELECT * FROM " . TABLE_PREFIX . "product WHERE productid = " . $bugsys->in['productid'] . " OR componentmother = " . $bugsys->in['productid']); while ($prod = $db->fetch_array($allprods)) { $list[] = $prod['productid']; @@ -201,7 +203,7 @@ if ($_REQUEST['do'] == 'killproduct') if ($_REQUEST['do'] == 'deleteproduct') { - $admin->page_confirm($lang->string('Are you sure you want to delete this product and all of it\'s versions and components and any bugs that have been assigned those products or components?'), 'product.php?do=killproduct&productid=' . intval($bugsys->in['productid'])); + $admin->page_confirm($lang->string('Are you sure you want to delete this product and all of it\'s versions and components and any bugs that have been assigned those products or components?'), 'product.php?do=killproduct&productid=' . $bugsys->input_clean('productid', TYPE_UINT)); } // ################################################################### 
@@ -217,8 +219,8 @@ if ($_REQUEST['do'] == 'insertproduct') INSERT INTO " . TABLE_PREFIX . "product (title, componentmother, description, displayorder) VALUES - ('" . $bugsys->in['title'] . "', " . intval($bugsys->in['componentmother']) . ", - '" . $bugsys->in['description'] . "', " . intval($bugsys->in['displayorder']) . " + ('" . $bugsys->in['title'] . "', " . $bugsys->input_clean('componentmother', TYPE_UINT) . ", + '" . $bugsys->in['description'] . "', " . $bugsys->input_clean('displayorder', TYPE_UINT) . " )" ); build_products(); @@ -270,7 +272,7 @@ if ($_REQUEST['do'] == 'updateproduct') $admin->error($lang->getlex('error_invalid_id')); } - $db->query("UPDATE " . TABLE_PREFIX . "product SET title = '" . $bugsys->in['title'] . "', description = '" . $bugsys->in['description'] . "', displayorder = " . intval($bugsys->in['displayorder']) . " WHERE productid = " . intval($bugsys->in['productid'])); + $db->query("UPDATE " . TABLE_PREFIX . "product SET title = '" . $bugsys->in['title'] . "', description = '" . $bugsys->in['description'] . "', displayorder = " . $bugsys->input_clean('displayorder', TYPE_UINT) . " WHERE productid = " . $bugsys->input_clean('productid', TYPE_UINT)); build_products(); $admin->redirect('product.php?do=modify'); @@ -309,13 +311,14 @@ if ($_REQUEST['do'] == 'editproduct') if ($_POST['do'] == 'displayorder') { - foreach ((array)$_POST['displayorder'] AS $namebit => $displayorder) + $bugsys->input_clean('displayorder', TYPE_UINT); + foreach ($bugsys->in['displayorder'] AS $namebit => $displayorder) { $name = explode('_', $namebit); if ($name[0] == 'product' OR $name[0] == 'version') { - $id = intval($name[1]); - $order = intval($displayorder); + $id = $bugsys->clean($name[1], TYPE_UINT); + $order = $displayorder; $db->query("UPDATE " . TABLE_PREFIX . "$name[0] SET displayorder = $order WHERE $name[0]id = $id"); } } diff --git a/admin/resolution.php b/admin/resolution.php index 30b8b96..aac8f4a 100755 --- a/admin/resolution.php 
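Review bot: The `(array)` cast was dropped from the loop header in the `@@ -309` hunk of admin/product.php — `foreach ($bugsys->in['displayorder'] AS $namebit => $displayorder)` — so a submit with no `displayorder` rows (or a scalar value) now raises a foreach warning instead of iterating zero times; keep the cast, `foreach ((array)$bugsys->in['displayorder'] AS $namebit => $displayorder)`. `$order = $displayorder;` is only safe unquoted in the SQL if `input_clean('displayorder', TYPE_UINT)` coerces each element of the array, which depends on ISSO's cleaner and is not visible here. The `$name[0]` table-name interpolation is guarded by the `'product'`/`'version'` comparison on the context line, so that part is fine as is.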
+++ b/admin/resolution.php @@ -38,7 +38,7 @@ if (empty($_REQUEST['do'])) if ($_REQUEST['do'] == 'kill') { - $db->query("DELETE FROM " . TABLE_PREFIX . "resolution WHERE resolutionid = " . intval($bugsys->in['resolutionid'])); + $db->query("DELETE FROM " . TABLE_PREFIX . "resolution WHERE resolutionid = " . $bugsys->input_clean('resolutionid', TYPE_UINT)); build_resolutions(); $admin->redirect('resolution.php?do=modify'); } @@ -47,14 +47,14 @@ if ($_REQUEST['do'] == 'kill') if ($_REQUEST['do'] == 'delete') { - $admin->page_confirm($lang->string('Are you sure you want to delete this resolution? Doing so will revert all bugs to the default resolution (which is set in the options panel)?'), 'resolution.php?do=kill&resolutionid=' . intval($bugsys->in['resolutionid'])); + $admin->page_confirm($lang->string('Are you sure you want to delete this resolution? Doing so will revert all bugs to the default resolution (which is set in the options panel)?'), 'resolution.php?do=kill&resolutionid=' . $bugsys->input_clean('resolutionid', TYPE_UINT)); } // ################################################################### if ($_POST['do'] == 'insert') { - $db->query("INSERT INTO " . TABLE_PREFIX . "resolution (resolution, displayorder) VALUES ('" . $bugsys->in['resolution'] . "', " . intval($bugsys->in['displayorder']) . ")"); + $db->query("INSERT INTO " . TABLE_PREFIX . "resolution (resolution, displayorder) VALUES ('" . $bugsys->in['resolution'] . "', " . $bugsys->input_clean('displayorder', TYPE_UINT) . ")"); build_resolutions(); $admin->redirect('resolution.php?do=modify'); } 
@@ -81,7 +81,7 @@ if ($_REQUEST['do'] == 'add') if ($_POST['do'] == 'update') { - $db->query("UPDATE " . TABLE_PREFIX . "resolution SET resolution = '" . $bugsys->in['resolution'] . "', displayorder = " . intval($bugsys->in['displayorder']) . " WHERE resolutionid = " . intval($bugsys->in['resolutionid'])); + $db->query("UPDATE " . TABLE_PREFIX . "resolution SET resolution = '" . $bugsys->in['resolution'] . "', displayorder = " . $bugsys->input_clean('displayorder']) . " WHERE resolutionid = " . intval1($bugsys->in['resolutionid', TYPE_UINT)); build_resolutions(); $admin->redirect('resolution.php?do=modify'); } @@ -90,7 +90,7 @@ if ($_POST['do'] == 'update') if ($_REQUEST['do'] == 'edit') { - $resolution = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "resolution WHERE resolutionid = " . intval($bugsys->in['resolutionid'])); + $resolution = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "resolution WHERE resolutionid = " . $bugsys->input_clean('resolutionid', TYPE_UINT)); if (!is_array($resolution)) { $admin->error($lang->getlex('error_invalid_id')); diff --git a/admin/severity.php b/admin/severity.php index 770f90e..e8c08e8 100755 --- a/admin/severity.php +++ b/admin/severity.php @@ -38,7 +38,7 @@ if (empty($_REQUEST['do'])) if ($_REQUEST['do'] == 'kill') { - $db->query("DELETE FROM " . TABLE_PREFIX . "severity WHERE severityid = " . intval($bugsys->in['serverityid'])); + $db->query("DELETE FROM " . TABLE_PREFIX . "severity WHERE severityid = " . $bugsys->input_clean('serverityid', TYPE_UINT)); build_severities(); $admin->redirect('severity.php?do=modify'); } 
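Review bot: The new UPDATE line in the `@@ -81` hunk of admin/resolution.php is syntactically broken: `$bugsys->input_clean('displayorder'])` pairs a `'` with a `]`, and `intval1($bugsys->in['resolutionid', TYPE_UINT))` calls an undefined `intval1` with a stray `TYPE_UINT` inside the array subscript — it looks like a half-applied search-and-replace. It should read `displayorder = " . $bugsys->input_clean('displayorder', TYPE_UINT) . " WHERE resolutionid = " . $bugsys->input_clean('resolutionid', TYPE_UINT));`, mirroring the insert hunk above it. The same corruption appears in admin/severity.php (`@@ -81`) and admin/status.php (`@@ -82`), which need the identical repair for `severityid` and `statusid`.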
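Review bot: The kill handler in the `@@ -38` hunk of admin/severity.php still reads `serverityid` — `$bugsys->input_clean('serverityid', TYPE_UINT)` — while the confirmation link built in the `@@ -47` hunk passes `severityid=`, so the parameter is never found, the cleaned value is presumably 0, and `DELETE ... WHERE severityid = 0` runs instead of removing the requested row. The typo predates this commit, but since the line is being rewritten anyway, change it to `$bugsys->input_clean('severityid', TYPE_UINT)`.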
@@ -47,14 +47,14 @@ if ($_REQUEST['do'] == 'kill') if ($_REQUEST['do'] == 'delete') { - $admin->page_confirm($lang->string('Are you sure you want to delete this severity? Doing so will revert all bugs to the default severity (which is set in the options panel)?'), 'severity.php?do=kill&severityid=' . intval($bugsys->in['severityid'])); + $admin->page_confirm($lang->string('Are you sure you want to delete this severity? Doing so will revert all bugs to the default severity (which is set in the options panel)?'), 'severity.php?do=kill&severityid=' . $bugsys->input_clean('severityid', TYPE_UINT)); } // ################################################################### if ($_POST['do'] == 'insert') { - $db->query("INSERT INTO " . TABLE_PREFIX . "severity (severity, displayorder) VALUES ('" . $bugsys->in['severity'] . "', " . intval($bugsys->in['displayorder']) . ")"); + $db->query("INSERT INTO " . TABLE_PREFIX . "severity (severity, displayorder) VALUES ('" . $bugsys->in['severity'] . "', " . $bugsys->input_clean('displayorder', TYPE_UINT) . ")"); build_severities(); $admin->redirect('severity.php?do=modify'); } @@ -81,7 +81,7 @@ if ($_REQUEST['do'] == 'add') if ($_POST['do'] == 'update') { - $db->query("UPDATE " . TABLE_PREFIX . "severity SET severity = '" . $bugsys->in['severity'] . "', displayorder = " . intval($bugsys->in['displayorder']) . " WHERE severityid = " . intval($bugsys->in['severityid'])); + $db->query("UPDATE " . TABLE_PREFIX . "severity SET severity = '" . $bugsys->in['severity'] . "', displayorder = " . $bugsys->input_clean('displayorder']) . " WHERE severityid = " . intval1($bugsys->in['severityid', TYPE_UINT)); build_severities(); $admin->redirect('severity.php?do=modify'); } 
@@ -90,7 +90,7 @@ if ($_POST['do'] == 'update') if ($_REQUEST['do'] == 'edit') { - $severity = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "severity WHERE severityid = " . intval($bugsys->in['severityid'])); + $severity = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "severity WHERE severityid = " . $bugsys->input_clean('severityid', TYPE_UINT)); if (!is_array($severity)) { $admin->error($lang->getlex('error_invalid_id')); diff --git a/admin/status.php b/admin/status.php index 53f9a51..582743e 100755 --- a/admin/status.php +++ b/admin/status.php @@ -38,7 +38,7 @@ if (empty($_REQUEST['do'])) if ($_REQUEST['do'] == 'kill') { - $db->query("DELETE FROM " . TABLE_PREFIX . "status WHERE statusid = " . intval($bugsys->in['statusid'])); + $db->query("DELETE FROM " . TABLE_PREFIX . "status WHERE statusid = " . $bugsys->input_clean('statusid', TYPE_UINT)); build_statuses(); $admin->redirect('status.php?do=modify'); } 
@@ -47,14 +47,14 @@ if ($_REQUEST['do'] == 'kill') if ($_REQUEST['do'] == 'delete') { - $admin->page_confirm($lang->string('Are you sure you want to delete this status? Doing so will revert all bugs to the default status (which is set in the options panel)?'), 'status.php?do=kill&statusid=' . intval($bugsys->in['statusid'])); + $admin->page_confirm($lang->string('Are you sure you want to delete this status? Doing so will revert all bugs to the default status (which is set in the options panel)?'), 'status.php?do=kill&statusid=' . $bugsys->input_clean('statusid', TYPE_UINT)); } // ################################################################### if ($_POST['do'] == 'insert') { - $db->query("INSERT INTO " . TABLE_PREFIX . "status (status, displayorder, color) VALUES ('" . $bugsys->in['status'] . "', " . intval($bugsys->in['displayorder']) . ", '" . $bugsys->in['color'] . "')"); + $db->query("INSERT INTO " . TABLE_PREFIX . "status (status, displayorder, color) VALUES ('" . $bugsys->in['status'] . "', " . $bugsys->input_clean('displayorder', TYPE_UINT) . ", '" . $bugsys->in['color'] . "')"); build_statuses(); $admin->redirect('status.php?do=modify'); } @@ -82,7 +82,7 @@ if ($_REQUEST['do'] == 'add') if ($_POST['do'] == 'update') { - $db->query("UPDATE " . TABLE_PREFIX . "status SET status = '" . $bugsys->in['status'] . "', displayorder = " . intval($bugsys->in['displayorder']) . ", color = '" . $bugsys->in['color'] . "' WHERE statusid = " . intval($bugsys->in['statusid'])); + $db->query("UPDATE " . TABLE_PREFIX . "status SET status = '" . $bugsys->in['status'] . "', displayorder = " . $bugsys->input_clean('displayorder']) . ", color = '" . $bugsys->in['color'] . "' WHERE statusid = " . intval1($bugsys->in['statusid', TYPE_UINT)); build_statuses(); $admin->redirect('status.php?do=modify'); } 
@@ -91,7 +91,7 @@ if ($_POST['do'] == 'update') if ($_REQUEST['do'] == 'edit') { - $status = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "status WHERE statusid = " . intval($bugsys->in['statusid'])); + $status = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "status WHERE statusid = " . $bugsys->input_clean('statusid', TYPE_UINT)); if (!is_array($status)) { $admin->error($lang->getlex('error_invalid_id')); diff --git a/admin/user.php b/admin/user.php index b6392bb..b9ba84e 100644 --- a/admin/user.php +++ b/admin/user.php @@ -37,7 +37,7 @@ if (empty($_REQUEST['do'])) if ($_REQUEST['do'] == 'kill') { - $user = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE userid = " . intval($bugsys->in['userid'])); + $user = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE userid = " . $bugsys->input_clean('userid', TYPE_UINT)); if (!$user) { $admin->error($lang->getlex('error_invalid_id')); @@ -68,7 +68,7 @@ if ($_REQUEST['do'] == 'kill') if ($_REQUEST['do'] == 'delete') { - $admin->page_confirm($lang->string('Are you sure you want to delete this user?'), 'user.php?do=kill&userid=' . intval($bugsys->in['userid'])); + $admin->page_confirm($lang->string('Are you sure you want to delete this user?'), 'user.php?do=kill&userid=' . $bugsys->input_clean('userid', TYPE_UINT)); } // ################################################################### 
@@ -86,11 +86,11 @@ if ($_POST['do'] == 'insert') '" . md5(md5($bugsys->in['password']) . md5($salt)) . "', '$salt', '" . $funct->rand() . "', - " . intval($bugsys->in['showemail']) . ", - " . intval($bugsys->in['showcolours']) . ", - " . intval($bugsys->in['languageid']) . ", - " . intval($bugsys->in['usergroupid']) . ", - " . intval($bugsys->in['timezone']) . " + " . $bugsys->input_clean('showemail', TYPE_UINT) . ", + " . $bugsys->input_clean('showcolours', TYPE_UINT) . ", + " . $bugsys->input_clean('languageid', TYPE_UINT) . ", + " . $bugsys->input_clean('usergroupid', TYPE_UINT) . ", + " . $bugsys->input_clean('timezone', TYPE_UINT) . " )" ); @@ -103,7 +103,7 @@ if ($_POST['do'] == 'insert') if ($_POST['do'] == 'update') { - $user = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE userid = " . intval($bugsys->in['userid'])); + $user = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE userid = " . $bugsys->input_clean('userid', TYPE_UINT)); if (!$user) { $admin->error($lang->getlex('error_invalid_id')); @@ -113,10 +113,10 @@ if ($_POST['do'] == 'update') UPDATE " . TABLE_PREFIX . "user SET displayname = '" . $bugsys->in['displayname'] . "', email = '" . $bugsys->in['email'] . "', - showcolours = " . intval($bugsys->in['showcolours']) . ", - usergroupid = " . intval($bugsys->in['usergroupid']) . ", - languageid = " . intval($bugsys->in['languageid']) . ", - timezone = " . intval($bugsys->in['timezone']) . ($bugsys->in['password'] ? ", + showcolours = " . $bugsys->input_clean('showcolours', TYPE_UINT) . ", + usergroupid = " . $bugsys->input_clean('usergroupid', TYPE_UINT) . ", + languageid = " . $bugsys->input_clean('languageid', TYPE_UINT) . ", + timezone = " . $bugsys->input_clean('timezone', TYPE_UINT) . ($bugsys->in['password'] ? ", password = '" . md5(md5($bugsys->in['password']) . md5($user['salt'])) . "'" : '') . " WHERE userid = $user[userid]" ); 
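Review bot: `timezone` is cleaned as TYPE_UINT in both the insert and the update hunk, which drops the sign; the intval() being replaced accepted negative values, so if this column holds a signed UTC offset (likely, though the form is not in the diff) every user west of UTC will now be stored as 0 without any error. Use `" . $bugsys->input_clean('timezone', TYPE_INT) . "` in both queries, or document why the column is unsigned. `showemail` and `showcolours` are on/off flags and would read more honestly as TYPE_BOOL, though TYPE_UINT is not wrong for them.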
@@ -135,7 +135,7 @@ if ($_REQUEST['do'] == 'edit' OR $_REQUEST['do'] == 'add') if ($edit) { - $user = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE userid = " . intval($bugsys->in['userid'])); + $user = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE userid = " . $bugsys->input_clean('userid', TYPE_UINT)); if (!$user) { $admin->error($lang->getlex('error_invalid_id')); @@ -196,9 +196,10 @@ if ($_REQUEST['do'] == 'search') if (is_numeric($bugsys->in['userdata'])) { - if ($db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE userid = " . intval($bugsys->in['userdata']))) + $bugsys->input_clean('userdata', TYPE_UINT); + if ($db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE userid = " . $bugsys->in['userdata'])) { - header('Location: user.php?do=edit&userid=' . intval($bugsys->in['userdata'])); + header('Location: user.php?do=edit&userid=' . $bugsys->in['userdata']); } else { diff --git a/admin/usergroup.php b/admin/usergroup.php index c50837d..958ffa0 100755 --- a/admin/usergroup.php +++ b/admin/usergroup.php @@ -79,13 +79,14 @@ if (empty($_REQUEST['do'])) if ($_REQUEST['do'] == 'kill') { + $bugsys->input_clean('usergroupid', TYPE_UINT); if ($bugsys->in['usergroupid'] < 7) { $admin->error($lang->string('You can\'t delete a default usergroup.')); } - $db->query("DELETE FROM " . TABLE_PREFIX . "usergroup WHERE usergroupid = " . intval($bugsys->in['usergroupid'])); - $db->query("UPDATE " . TABLE_PREFIX . "user SET usergroupid = 2 WHERE usergroupid = " . intval($bugsys->in['usergroupid'])); + $db->query("DELETE FROM " . TABLE_PREFIX . "usergroup WHERE usergroupid = " . $bugsys->in['usergroupid']); + $db->query("UPDATE " . TABLE_PREFIX . "user SET usergroupid = 2 WHERE usergroupid = " . $bugsys->in['usergroupid']); build_usergroups(); build_assignedto(); 
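Review bot: In the search hunk the rewritten redirect `header('Location: user.php?do=edit&userid=' . $bugsys->in['userdata']);` is the only statement in its branch and is not followed by `exit;`, so the remainder of the search page still executes and is emitted after the Location header. Add `exit;` on the next line; the enclosing if/else continues past the hunk. Cleaning `userdata` to TYPE_UINT after the is_numeric() test is otherwise sound, since forms is_numeric() accepts such as '1e3' or a leading space are normalised before reaching the query.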
@@ -102,7 +103,7 @@ if ($_REQUEST['do'] == 'delete') $admin->error($lang->string('You can\'t delete a default usergroup.')); } - $admin->page_confirm($lang->string('Are you sure you want to delete this usergroup? All users in this group will be set back to the default registered usergroup (id: 2).'), 'usergroup.php?do=kill&usergroupid=' . intval($bugsys->in['usergroupid'])); + $admin->page_confirm($lang->string('Are you sure you want to delete this usergroup? All users in this group will be set back to the default registered usergroup (id: 2).'), 'usergroup.php?do=kill&usergroupid=' . $bugsys->in['usergroupid']); } // ################################################################### @@ -118,7 +119,7 @@ if ($_REQUEST['do'] == 'add' OR $_REQUEST['do'] == 'edit') if ($edit) { - $usergroup = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "usergroup WHERE usergroupid = " . intval($bugsys->in['usergroupid'])); + $usergroup = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "usergroup WHERE usergroupid = " . $bugsys->in['usergroupid']); if (!is_array($usergroup)) { $admin->error($lang->getlex('error_invalid_id')); @@ -211,9 +212,10 @@ if ($_POST['do'] == 'insert') build_usergroups(); - foreach ($_POST['custom'] AS $fieldid => $mask) + $bugsys->input_clean('custom', TYPE_UINT); + foreach ($bugsys->in['custom'] AS $fieldid => $mask) { - $values[] = "$ugroupid, " . intval($fieldid) . ", " . intval($mask); + $values[] = "$ugroupid, " . $bugsys->clean($fieldid, TYPE_UINT) . ", " . $mask; } if (is_array($values)) @@ -234,6 +236,11 @@ if ($_POST['do'] == 'insert') if ($_POST['do'] == 'update') { + $bugsys->input_clean_array(array( + 'perm' => TYPE_UINT, + 'usergroupid' => TYPE_UINT, + 'custom' => TYPE_UINT + )); foreach ($_POST['perm'] AS $permtitle => $binaryswitch) { $permissionvalue += $_PERMISSION["$permtitle"] * $binaryswitch; 
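Review bot: In the edit hunk (`@@ -118,7 +119,7 @@`) `$bugsys->in['usergroupid']` is concatenated unquoted into `WHERE usergroupid = ` with no `input_clean()` anywhere in the hunk, unlike the kill hunk which cleans it first; the +1 offset on this hunk header accounts only for the line added in kill, so it appears nothing was inserted earlier in the add/edit handler either (that handler's start is outside the hunk). Request-level string escaping does not protect an unquoted numeric, so `usergroupid=1 OR 1=1` would select an arbitrary group for editing — admin-only, but still injection that the removed intval() prevented. Change the line to `$usergroup = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "usergroup WHERE usergroupid = " . $bugsys->input_clean('usergroupid', TYPE_UINT));`. The delete hunk on this line has the same uncleaned `usergroupid` flowing into the page_confirm() URL; the kill handler re-cleans it before SQL, but it should still be cleaned before being emitted into a link.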
@@ -244,16 +251,16 @@ if ($_POST['do'] == 'update') SET title = '" . $bugsys->in['title'] . "', displaytitle = '" . $bugsys->in['displaytitle'] . "', permissions = $permissionvalue - WHERE usergroupid = " . intval($bugsys->in['usergroupid']) + WHERE usergroupid = " . $bugsys->in['usergroupid'] ); build_usergroups(); build_assignedto(); - $ugroupid = intval($bugsys->in['usergroupid']); - foreach ($_POST['custom'] AS $fieldid => $mask) + $ugroupid = $bugsys->in['usergroupid']; + foreach ($bugsys->in['custom'] AS $fieldid => $mask) { - $values[] = "$ugroupid, " . intval($fieldid) . ", " . intval($mask); + $values[] = "$ugroupid, " . $bugsys->clean($fieldid, TYPE_UINT) . ", " . $mask; } if (is_array($values)) diff --git a/attachment.php b/attachment.php index 4a08ea3..f0a6cbb 100755 --- a/attachment.php +++ b/attachment.php @@ -38,14 +38,14 @@ APIError(array(new API_Error_Handler($message), 'user_cumulative')); if (isset($bugsys->in['attachmentid'])) { - $attachment = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "attachment WHERE attachmentid = " . intval($bugsys->in['attachmentid'])); + $attachment = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "attachment WHERE attachmentid = " . $bugsys->input_clean('attachmentid', TYPE_UINT)); if (!$attachment) { $message->error($lang->getlex('error_invalid_id')); } } -$bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = " . (($attachment['attachmentid']) ? $attachment['bugid'] : intval($bugsys->in['bugid']))); +$bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = " . (($attachment['attachmentid']) ? $attachment['bugid'] : $bugsys->input_clean('bugid', TYPE_UINT))); if (!$bug) { $message->error($lang->getlex('error_invalid_id')); diff --git a/editreport.php b/editreport.php index 0dd57ea..cc689b5 100644 --- a/editreport.php +++ b/editreport.php 
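Review bot: In the custom-field loop of the update hunk, `$mask` goes into the INSERT values unquoted on the strength of the `'custom' => TYPE_UINT` entry passed to input_clean_array() in the previous hunk; that is only safe if clean() descends into array values element by element, which nothing in the diff shows (if it instead casts the array to an integer, the foreach fails and nothing is inserted). Worth a one-line comment so the raw-looking interpolation is not re-flagged, e.g. `// $mask already cleaned to UINT by input_clean_array() above`. Cleaning the key explicitly with `$bugsys->clean($fieldid, TYPE_UINT)` is the right call either way, since a value cleaner would not cover array keys. The same reasoning applies to the insert-side loop in the hunk before this one.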
@@ -36,7 +36,7 @@ $bug = $db->query_first(" ON (bug.userid = user.userid) LEFT JOIN " . TABLE_PREFIX . "bugvaluefill AS bugvaluefill ON (bug.bugid = bugvaluefill.bugid) - WHERE bug.bugid = " . intval($bugsys->in['bugid']) + WHERE bug.bugid = " . $bugsys->input_clean('bugid', TYPE_UINT) ); if (!((can_perform('caneditown', $bug['productid']) AND $bugsys->userinfo['userid'] == $bug['userid']) OR (can_perform('caneditother', $bug['productid']) AND $bugsys->userinfo['userid'] != $bug['userid'])) AND !can_perform('canpostcomments', $bug['productid'])) diff --git a/favourite.php b/favourite.php index 00fc943..0f3e8f2 100644 --- a/favourite.php +++ b/favourite.php @@ -39,7 +39,8 @@ require_once('./global.php'); if ($_REQUEST['do'] == 'handle') { - $bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = " . intval($bugsys->in['bugid'])); + $bugsys->input_clean('bugid', TYPE_UINT); + $bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = " . $bugsys->in['bugid']); if (!$bug OR (!can_perform('canviewhidden', $bug['productid']) AND $bug['hidden'])) { $message->error($lang->getlex('error_invalid_id')); 
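Review bot: The editreport.php hunk still passes `$bug['productid']` to can_perform() on the line right after the query without checking that a row was returned; for an unknown id, or the 0 that TYPE_UINT yields when `bugid` is absent, the permission test runs against a null product. Unless that is caught further down (not visible in the hunk), add `if (!$bug) { $message->error($lang->getlex('error_invalid_id')); }` between the query and the can_perform() test, as showhistory.php and attachment.php do in this same commit. The query statement itself begins before the hunk.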
@@ -50,15 +51,15 @@ if ($_REQUEST['do'] == 'handle') $message->error_permission(); } - if ($db->query_first("SELECT * FROM " . TABLE_PREFIX . "favourite WHERE userid = " . $bugsys->userinfo['userid'] . " AND bugid = " . intval($bugsys->in['bugid']))) + if ($db->query_first("SELECT * FROM " . TABLE_PREFIX . "favourite WHERE userid = " . $bugsys->userinfo['userid'] . " AND bugid = " . $bugsys->in['bugid'])) { - $db->query("DELETE FROM " . TABLE_PREFIX . "favourite WHERE userid = " . $bugsys->userinfo['userid'] . " AND bugid = " . intval($bugsys->in['bugid'])); - $message->redirect($lang->string('This bug has been removed from your favourites list.'), "showreport.php?bugid=" . intval($bugsys->in['bugid'])); + $db->query("DELETE FROM " . TABLE_PREFIX . "favourite WHERE userid = " . $bugsys->userinfo['userid'] . " AND bugid = " . $bugsys->in['bugid']); + $message->redirect($lang->string('This bug has been removed from your favourites list.'), "showreport.php?bugid=" . $bugsys->in['bugid']); } else { - $db->query("INSERT INTO " . TABLE_PREFIX . "favourite (userid, bugid) VALUES (" . $bugsys->userinfo['userid'] . ", " . intval($bugsys->in['bugid']) . ")"); - $message->redirect($lang->string('This bug has been added to your favourites list.'), "showreport.php?bugid=" . intval($bugsys->in['bugid'])); + $db->query("INSERT INTO " . TABLE_PREFIX . "favourite (userid, bugid) VALUES (" . $bugsys->userinfo['userid'] . ", " . $bugsys->in['bugid'] . ")"); + $message->redirect($lang->string('This bug has been added to your favourites list.'), "showreport.php?bugid=" . $bugsys->in['bugid']); } } diff --git a/includes/functions.php b/includes/functions.php index d7b37c2..1d30420 100755 --- a/includes/functions.php +++ b/includes/functions.php 
@@ -171,7 +171,7 @@ function construct_custom_fields($bug = array(), $ignore21mask = false, $nodefau } } - $fieldvalues = $bugsys->db->query_first("SELECT * FROM " . TABLE_PREFIX . "bugvaluefill WHERE bugid = " . intval($bug['bugid'])); + $fieldvalues = $bugsys->db->query_first("SELECT * FROM " . TABLE_PREFIX . "bugvaluefill WHERE bugid = " . $bugsys->clean($bug['bugid'], TYPE_UINT)); $fieldbits = array(); diff --git a/includes/init.php b/includes/init.php index 012b7bd..826da49 100755 --- a/includes/init.php +++ b/includes/init.php @@ -100,7 +100,7 @@ unset($bugsys->datastore['setting']); // ################################################################### // load userinfo -$userid = intval($bugsys->in[COOKIE_PREFIX . 'userid']); +$userid = $bugsys->input_clean(COOKIE_PREFIX . 'userid', TYPE_UINT); if ($userid) { diff --git a/install/global.php b/install/global.php index 64483e7..aef1fa4 100644 --- a/install/global.php +++ b/install/global.php @@ -78,7 +78,7 @@ $bugsys->versions = array( // ################################################################### -$bugsys->in['mark'] = intval($bugsys->in['mark']); +$bugsys->input_clean('mark', TYPE_UINT); // ################################################################### // ################################################################### diff --git a/login.php b/login.php index 74d2c71..c7cda2d 100755 --- a/login.php +++ b/login.php @@ -47,7 +47,7 @@ if (empty($_REQUEST['do'])) if ($_POST['do'] == 'login' OR $_POST['do'] == 'cplogin') { - $keeplogin = intval($bugsys->in['rememberme']); + $keeplogin = $bugsys->input_clean('rememberme', TYPE_BOOL); if ($_POST['cplogin']) { $keeplogin = 0; diff --git a/newreport.php b/newreport.php index ca96da2..038135e 100755 --- a/newreport.php +++ b/newreport.php 
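Review bot: The init.php hunk reads the login cookie `COOKIE_PREFIX . 'userid'` through `$bugsys->input_clean()`, i.e. from `$bugsys->in`, the same array that serves POST fields elsewhere in this diff; if it is the usual merged GET/POST/COOKIE request data, a `?<prefix>userid=1` query parameter can stand in for the cookie. That is only harmless if the user lookup that follows `if ($userid)` (outside the hunk) also checks an authkey or password hash read strictly from `$_COOKIE`; please confirm, and record the assumption with a comment such as `// userid is taken from the request array, not $_COOKIE — the authkey check below must remain the real gate`. The login.php hunk's switch to TYPE_BOOL for `rememberme` is fine; `$keeplogin` is later overwritten with `0` in the cplogin branch, so both values should be acceptable to whatever consumes it.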
@@ -33,7 +33,8 @@ require_once('./includes/class_notification.php'); require_once('./includes/api_bug.php'); require_once('./includes/api_comment.php'); -if (!can_perform('cansubmitbugs', intval($bugsys->in['productid']))) +$bugsys->input_clean('productid', TYPE_UINT); +if (!can_perform('cansubmitbugs', $bugsys->in['productid'])) { $message->error_permission(); } @@ -64,7 +65,7 @@ if ($_POST['do'] == 'insert') // ------------------------------------------------------------------- // check permissions on various input values - if (!can_perform('canchangestatus', intval($bugsys->in['productid']))) + if (!can_perform('canchangestatus', $bugsys->in['productid'])) { $bug->set('priority', $bugsys->options['defaultpriority']); $bug->set('status', $bugsys->options['defaultstatus']); @@ -76,7 +77,7 @@ if ($_POST['do'] == 'insert') $bug->set('status', $bugsys->in['status']); $bug->set('resolution', $bugsys->in['resolution']); } - if (!can_perform('canassign', intval($bugsys->in['productid']))) + if (!can_perform('canassign', $bugsys->in['productid'])) { $bug->set('assignedto', $bugsys->options['defaultassign']); } diff --git a/register.php b/register.php index 26bdb48..1710cd0 100755 --- a/register.php +++ b/register.php 
@@ -176,11 +176,12 @@ if (empty($_REQUEST['do'])) if ($_REQUEST['do'] == 'activate') { - if ($useractivation = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "useractivation WHERE userid = " . intval($bugsys->in['userid']) . " AND activator = '" . $bugsys->in['activator'] . "'")) + $bugsys->input_clean('userid', TYPE_UINT); + if ($useractivation = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "useractivation WHERE userid = " . $bugsys->in['userid'] . " AND activator = '" . $bugsys->in['activator'] . "'")) { - $user = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE userid = " . intval($bugsys->in['userid'])); - $db->query("UPDATE " . TABLE_PREFIX . "user SET usergroupid = $useractivation[usergroupid] WHERE userid = " . intval($bugsys->in['userid'])); - $db->query("DELETE FROM " . TABLE_PREFIX . "useractivation WHERE userid = " . intval($bugsys->in['userid'])); + $user = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE userid = " . $bugsys->in['userid']); + $db->query("UPDATE " . TABLE_PREFIX . "user SET usergroupid = $useractivation[usergroupid] WHERE userid = " . $bugsys->in['userid']); + $db->query("DELETE FROM " . TABLE_PREFIX . "useractivation WHERE userid = " . $bugsys->in['userid']); if ($bugsys->options['sendwelcomemail']) { diff --git a/search.php b/search.php index 9e5e5d9..6a2376e 100644 --- a/search.php +++ b/search.php @@ -171,7 +171,7 @@ if ($_REQUEST['do'] == 'process') if ($bugsys->in['date']) { // now - (seconds/day * number of days) - $dateline = time() - (intval($bugsys->in['date']) * 3600); + $dateline = time() - ($bugsys->input_clean('date', TYPE_INT)) * 3600); $querybuild['date'] = "AND bug.dateline >= $dateline"; } diff --git a/showhistory.php b/showhistory.php index c006276..92b89c7 100644 --- a/showhistory.php +++ b/showhistory.php 
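Review bot: The new line in the search.php hunk does not parse: `$dateline = time() - ($bugsys->input_clean('date', TYPE_INT)) * 3600);` has one more `)` than `(`. It should read `$dateline = time() - ($bugsys->input_clean('date', TYPE_UINT) * 3600);` — TYPE_UINT rather than TYPE_INT, because a negative `date` would put $dateline in the future and the `>=` filter would silently match nothing. The comment above it describes seconds-per-day times days while the multiplier is 3600 (seconds per hour); that mismatch predates the commit, but either the comment or the constant should be corrected while the line is being touched.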
@@ -31,7 +31,7 @@ $focus['showreport'] = 'focus'; require_once('./global.php'); require_once('./includes/api_user.php'); -$bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = " . intval($bugsys->in['bugid'])); +$bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = " . $bugsys->input_clean('bugid', TYPE_UINT)); if (!$bug) { $message->error($lang->getlex('error_invalid_id')); diff --git a/showreport.php b/showreport.php index 7014ee9..a4f5ce0 100644 --- a/showreport.php +++ b/showreport.php @@ -34,7 +34,7 @@ $focus['showreport'] = 'focus'; require_once('./global.php'); require_once('./includes/functions_product.php'); -$bugid = intval($bugsys->in['bugid']); +$bugid = $bugsys->input_clean('bugid', TYPE_UINT); // ################################################################### @@ -68,7 +68,7 @@ $bug = $db->query_first(" ON (bug.userid = user.userid) LEFT JOIN " . TABLE_PREFIX . "bugvaluefill AS bugvaluefill ON (bug.bugid = bugvaluefill.bugid) - WHERE bug.bugid = " . intval($bugsys->in['bugid']) + WHERE bug.bugid = $bugid" ); if (!can_perform('canviewbugs', $bug['productid'])) diff --git a/viewattachment.php b/viewattachment.php index 4307fe8..40fa6f1 100755 --- a/viewattachment.php +++ b/viewattachment.php @@ -27,7 +27,7 @@ $focus['showreport'] = 'focus'; require_once('./global.php'); -$attachment = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "attachment WHERE attachmentid = " . intval($bugsys->in['attachmentid'])); +$attachment = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "attachment WHERE attachmentid = " . $bugsys->input_clean('attachmentid', TYPE_UINT)); if (!$attachment) { $message->error($lang->getlex('error_invalid_id')); diff --git a/vote.php b/vote.php index 549d149..156fd0c 100644 --- a/vote.php +++ b/vote.php 
@@ -36,7 +36,7 @@ if (empty($_REQUEST['do'])) if ($_REQUEST['do'] == 'vote') { - $bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = " . intval($bugsys->in['bugid']) . ((!can_perform('canviewhidden')) ? " AND !hidden" : '')); + $bug = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "bug WHERE bugid = " . $bugsys->input_clean('bugid', TYPE_UINT) . ((!can_perform('canviewhidden')) ? " AND !hidden" : '')); $vote = $db->query_first("SELECT *, FIND_IN_SET(" . $bugsys->userinfo['userid'] . ", userids) AS uservote FROM " . TABLE_PREFIX . "vote WHERE bugid = $bug[bugid]"); if (!can_perform('canvote', $bug['productid'])) @@ -68,7 +68,7 @@ if ($_REQUEST['do'] == 'vote') } } - $uservote = intval($bugsys->in['vote']); + $uservote = $bugsys->input_clean('vote', TYPE_UINT); $votefor = $vote['votefor']; $voteagainst = $vote['voteagainst']; -- 2.22.5
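Review bot: In the first vote.php hunk the row fetched with the cleaned `bugid` is interpolated into the very next query as `WHERE bugid = $bug[bugid]` with no check that a row was found; for an unknown id, or the 0 that TYPE_UINT yields when the parameter is missing, `$bug` is presumably empty and that statement is sent as `WHERE bugid = `, a SQL error, before the can_perform() line can reject the request. Add `if (!$bug) { $message->error($lang->getlex('error_invalid_id')); }` between the two query_first() calls, mirroring showhistory.php in this commit. The `$uservote` hunk is fine as far as it goes; if `vote` only ever carries 0/1 (it is resolved against votefor/voteagainst below, outside the hunk) TYPE_BOOL would state that intent more clearly than TYPE_UINT.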