[Phpgroupware-cvs] projects/inc/class.soprojects.inc.php, 1.34.2.6.2.33
From: |
nomail |
Subject: |
[Phpgroupware-cvs] projects/inc/class.soprojects.inc.php, 1.34.2.6.2.33 |
Date: |
Sun, 19 Dec 2004 19:10:04 +0100 |
Update of /projects/inc
Modified Files:
Branch: Version-0_9_16-branch
class.soprojects.inc.php
date: 2004/12/19 18:10:04; author: ceb; state: Exp; lines: +16 -8
Log Message:
security bugfixes
=====================================================================
Index: projects/inc/class.soprojects.inc.php
diff -u projects/inc/class.soprojects.inc.php:1.34.2.6.2.32
projects/inc/class.soprojects.inc.php:1.34.2.6.2.33
--- projects/inc/class.soprojects.inc.php:1.34.2.6.2.32 Tue Sep 23 23:41:23 2003
+++ projects/inc/class.soprojects.inc.php Sun Dec 19 18:10:04 2004
@@ -248,7 +248,7 @@
function read_single_project($project_id)
{
- $this->db->query('SELECT * from phpgw_p_projects WHERE
id=' . $project_id,__LINE__,__FILE__);
+ $this->db->query('SELECT * from phpgw_p_projects WHERE
id=' . intval($project_id),__LINE__,__FILE__);
list($project) = $this->db2projects();
return $project;
@@ -312,8 +312,9 @@
$values['budget'] =
$values['budget'] + 0.0;
$values['pcosts'] =
$values['pcosts'] + 0.0;
+ $values['parent'] =
intval($values['parent']);
- if ($values['parent'] && $values['parent'] != 0)
+ if ($values['parent'] > 0)
{
$values['main'] =
intval($this->id2item(array('project_id' => $values['parent'],'item' =>
'main')));
$values['level'] =
intval($this->id2item(array('project_id' => $values['parent'],'item' =>
'level'))+1);
@@ -327,7 +328,7 @@
. ",'" .
(isset($values['access'])?$values['access']:'public') . "'," .
intval($values['cat']) . ',' . time() . ',' . intval($values['sdate']) . ','
.
intval($values['edate']) . ',' . intval($values['coordinator']) . ',' .
intval($values['customer']) . ",'" . $values['status']
. "','" .
$values['descr'] . "','" . $values['title'] . "'," . $values['budget'] . ",'" .
$values['number'] . "',"
- .
intval($values['parent']) . ',' . intval($values['ptime']) . ',' . time() . ','
. $this->account . ",'" . $values['investment_nr']
+ . $values['parent'] .
',' . intval($values['ptime']) . ',' . time() . ',' . $this->account . ",'" .
$values['investment_nr']
. "'," .
$values['pcosts'] . ',' . intval($values['main']) . ',' .
intval($values['level']) . ',' . intval($values['previous']) .
')',__LINE__,__FILE__);
$p_id = $this->db->get_last_insert_id($table,'id');
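Review bot: The string columns in the new INSERT line still reach the statement by direct concatenation inside quotes — `$values['access']` (with only an isset() fallback to 'public'), `$values['status']`, `$values['descr']`, `$values['title']`, `$values['number']` and `$values['investment_nr']` — and no escaping of them is visible in this hunk, so the intval() changes alone do not close the injection path for these fields if they come from the request. The function begins before the hunk, so db_addslashes() may already be applied above; if it is not, each should be escaped where the numeric fields are cast, e.g. `$values['descr'] = $this->db->db_addslashes($values['descr']);`, and `access` is better checked against the set of values the application accepts than merely escaped. Replacing `intval($values['parent'])` at the sink with the bare `$values['parent']` also trades a local guarantee for a dependency on the cast performed earlier in the function; keeping the intval() at the INSERT is cheap defence in depth.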
@@ -434,6 +435,8 @@
function edit_project($values, $book_activities = 0,
$bill_activities = 0)
{
+ $values['project_id'] = intval($values['project_id']);
+
if (is_array($book_activities))
{
$this->db2->query('delete from
phpgw_p_projectactivities where project_id=' . $values['project_id']
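Review bot: The cast at the top of edit_project turns a missing or non-numeric `$values['project_id']` into 0, and the DELETE that follows then runs against `project_id=0` whenever `$book_activities` is an array, so what used to be a malformed query is now a silently executing one. A guard right after the cast, `if ($values['project_id'] <= 0) { return; }` (adapted to whatever this function returns on failure — its body continues outside the hunk), would make that case explicit. The contents of `$book_activities` are presumably written back after the delete; if so they need the same intval() treatment, but that code is not in this hunk.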
@@ -462,7 +465,7 @@
$values['title'] =
$this->db->db_addslashes($values['title']);
$values['number'] =
$this->db->db_addslashes($values['number']);
$values['investment_nr'] =
$this->db->db_addslashes($values['investment_nr']);
- $values['project_id'] =
intval($values['project_id']);
+
$values['parent'] =
intval($values['parent']);
$values['budget'] =
$values['budget'] + 0.0;
@@ -470,6 +473,7 @@
if (isset($values['old_parent']) &&
$values['old_parent'] != $values['parent'])
{
+ $values['old_parent'] =
intval($values['old_parent']);
$this->reparent($values);
}
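Review bot: `$values['old_parent']` is cast to int only inside the if, after it has already been compared to the already-cast `$values['parent']` with loose `!=`, so the decision to call reparent() is made on a string-vs-int comparison under PHP's loose rules rather than on the integer values. Cast before comparing while keeping the isset() semantics: `if (isset($values['old_parent']) && intval($values['old_parent']) != $values['parent'])`, with the existing assignment inside the block left as is. The enclosing function starts before this hunk.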
if (!isset($values['main']) || !isset($values['level']))
@@ -600,7 +604,7 @@
}
$this->db->query('SELECT
phpgw_p_activities.id,num,descr,billperae,activity_id from
phpgw_p_activities,phpgw_p_projectactivities '
- . 'WHERE
phpgw_p_projectactivities.project_id=' . $project_id . ' AND
phpgw_p_activities.id='
+ . 'WHERE
phpgw_p_projectactivities.project_id=' . intval($project_id) . ' AND
phpgw_p_activities.id='
.
'phpgw_p_projectactivities.activity_id' . $bill_filter,__LINE__,__FILE__);
while ($this->db->next_record())
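Review bot: `$bill_filter` is appended to the new WHERE clause by plain concatenation and is untouched by this change; it is built before the hunk (the function body starts outside it), so it cannot be checked here, but if any part of it derives from a parameter it needs the same treatment `$project_id` now gets. A one-line comment at the query, `// $bill_filter is concatenated unescaped: it must be built from constants only`, would record that assumption for the next reader.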
@@ -730,6 +734,7 @@
function return_value($action,$pro_id)
{
$pro_id = intval($pro_id);
+
if ($action == 'act')
{
$this->db->query('SELECT num,descr from
phpgw_p_activities where id=' . $pro_id,__LINE__,__FILE__);
@@ -750,13 +755,14 @@
{
switch ($action)
{
- case 'pro': $column
= 'num,title'; break;
+ //case 'pro': $column
= 'num,title'; break;
case 'edate': $column =
'end_date'; break;
case 'sdate': $column =
'start_date'; break;
case 'ptime': $column =
'time_planned'; break;
case 'invest': $column =
'investment_nr'; break;
case 'budget': $column =
'budget'; break;
case 'previous': $column =
'previous'; break;
+ default: $column
= 'num,title'; break;
}
$this->db->query('SELECT ' . $column . ' from
phpgw_p_projects where id=' . $pro_id,__LINE__,__FILE__);
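Review bot: The commented-out `//case 'pro'` line is dead code now that the new `default:` branch selects `'num,title'`; delete it and state the intent instead, e.g. `// 'pro' and any unrecognised action select num,title so $column is never undefined`. Before this change an unknown `$action` left `$column` unset and produced a malformed SELECT; the default removes that failure mode but also silently maps typos to the number/title lookup, which is worth saying at the switch. The switch sits in a function whose start is outside the hunk.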
@@ -778,6 +784,8 @@
function exists($action, $check = 'number', $num = '', $pa_id =
'')
{
+ $pa_id = intval($pa_id);
+
switch ($action)
{
case 'act' : $p_table = '
phpgw_p_activities '; break;
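Review bot: The new `intval($pa_id)` covers the id, but the `$num` parameter in the same signature is still a raw string; the hunk ends before it is used, and if it is interpolated into the lookup that follows it needs escaping alongside the cast, e.g. `$num = $this->db->db_addslashes($num);`. The `$action` switch selects a table name by concatenation; the visible `case 'act'` is a constant, but the branches after it and the behaviour when nothing matches are outside the hunk and should leave `$p_table` defined.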
@@ -786,7 +794,7 @@
if ($check == 'number')
{
- if ($pa_id && ($pa_id != 0))
+ if ($pa_id > 0)
{
$editexists = ' and id !=' . $pa_id;
}