From db043c4be440293f0a9485a8d291d644b9c5582c Mon Sep 17 00:00:00 2001
From: Robert Sesek <rsesek@bluestatic.org>
Date: Sat, 21 Oct 2006 18:48:44 +0000
Subject: [PATCH] r1269: We were a little overzealous in our security checking
 last time and we added some cleaning calls that broke search...

---
 docs/changes.txt |  1 +
 search.php       | 10 +++++-----
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/docs/changes.txt b/docs/changes.txt
index 3341ef0..0c8d7ac 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -2,6 +2,7 @@
 ===============================
 - Time zones with half-hours are not saved because the field only allows INTs (http://www.bluestatic.org/bugs/showreport.php?bugid=38)
 - Fixed a SQL error received upon deleting a resolution (http://www.bluestatic.org/bugs/showreport.php?bugid=40)
+- When searching and selecting multiple items for a field, only the first one is used in the search (http://www.bluestatic.org/bugs/showreport.php?bugid=39)
 
 1.1.3
 ===============================
diff --git a/search.php b/search.php
index dc9df7e..1b9dd82 100644
--- a/search.php
+++ b/search.php
@@ -138,35 +138,35 @@ if ($_REQUEST['do'] == 'process')
 	if ($bugsys->in['severity'])
 	{
 		$bugsys->input_clean('severity', TYPE_UINT);
-		$querybuild['severity'] = "AND bug.severity IN (" . $bugsys->clean(implode(',', $bugsys->in['severity']), TYPE_UINT) . ")";
+		$querybuild['severity'] = "AND bug.severity IN (" . implode(',', $bugsys->in['severity']) . ")";
 	}
 	
 	// priority
 	if ($bugsys->in['priority'])
 	{
 		$bugsys->input_clean('priority', TYPE_UINT);
-		$querybuild['priority'] = "AND bug.priority IN (" . $bugsys->clean(implode(',', $bugsys->in['priority']), TYPE_UINT) . ")";
+		$querybuild['priority'] = "AND bug.priority IN (" . implode(',', $bugsys->in['priority']) . ")";
 	}
 	
 	// status
 	if ($bugsys->in['status'])
 	{
 		$bugsys->input_clean('status', TYPE_UINT);
-		$querybuild['status'] = "AND bug.status IN (" . $bugsys->clean(implode(',', $bugsys->in['status']), TYPE_UINT) . ")";
+		$querybuild['status'] = "AND bug.status IN (" . implode(',', $bugsys->in['status']) . ")";
 	}
 	
 	// resolution
 	if ($bugsys->in['resolution'])
 	{
 		$bugsys->input_clean('resolution', TYPE_UINT);
-		$querybuild['resolution'] = "AND bug.resolution IN (" . $bugsys->clean(implode(',', $bugsys->in['resolution']), TYPE_UINT) . ")";
+		$querybuild['resolution'] = "AND bug.resolution IN (" . implode(',', $bugsys->in['resolution']) . ")";
 	}
 	
 	// assignment
 	if ($bugsys->in['assignedto'])
 	{
 		$bugsys->input_clean('assignedto', TYPE_UINT);
-		$querybuild['assignedto'] = "AND bug.assignedto IN (" . $bugsys->clean(implode(',', $bugsys->in['assignedto']), TYPE_UINT) . ")";
+		$querybuild['assignedto'] = "AND bug.assignedto IN (" . implode(',', $bugsys->in['assignedto']) . ")";
 	}
 	
 	// -------------------------------------------------------------------
-- 
2.22.5