From c580f8b5d99d3ec63eb0885e24e800eb7a50d4db Mon Sep 17 00:00:00 2001
From: Robert Sesek
Date: Wed, 27 Jun 2007 08:10:21 +0000
Subject: [PATCH] r1560: In vote.php, we sanitize the vote value as UINT when it should be INT to allow users to vote against bugs. Closes bug://report/84
---
 docs/changes.txt | 1 +
 vote.php | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/docs/changes.txt b/docs/changes.txt
index c0a5c46..2c3ba15 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -2,6 +2,7 @@
 ===============================
 - Fixed: In userctrl_search.tpl, the floated elements need to be before unfloated ones otherwise Gecko engine offsets it by a line
 - Fixed: Closed a SQL injection vector in register.php
+- Fixed: Users could not vote against a bug due to too tight sanitization (bug://report/84)
 
 1.2.0 Release Candidate 1
 ===============================
diff --git a/vote.php b/vote.php
index 3955e46..2c9e0fe 100644
--- a/vote.php
+++ b/vote.php
@@ -73,7 +73,7 @@ if ($_REQUEST['do'] == 'vote')
 }
 }
 
- $uservote = $bugsys->input_clean('vote', TYPE_UINT);
+ $uservote = $bugsys->input_clean('vote', TYPE_INT);
 
 $votefor = $vote['votefor'];
 $voteagainst = $vote['voteagainst'];
-- 
2.22.5
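Review bot: On the changed `input_clean('vote', TYPE_INT)` line in vote.php, the cast now admits every signed integer, and nothing visible in the hunk limits `$uservote` to the values the voting form actually submits. If the code following `$votefor` / `$voteagainst` uses the value arithmetically or only tests its sign, a request carrying an arbitrary integer could skew the tallies or store an unexpected vote value; that code is outside the hunk, so this needs confirming against the full file. I would add an allow-list check directly after the cast, for example `if (!in_array($uservote, $allowed_votes, true)) { /* reject the request */ }`, where `$allowed_votes` is a placeholder for the project's valid vote values. A comment would also help, such as `// signed on purpose: a negative value is a vote against (bug://report/84)`, assuming that is how a vote against is encoded. The `if ($_REQUEST['do'] == 'vote')` block starts and ends outside the hunk.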