[Phpgroupware-cvs] tts/newticket.php, 1.31.2.3.4.6


From: nomail
Subject: [Phpgroupware-cvs] tts/newticket.php, 1.31.2.3.4.6
Date: Thu, 30 Sep 2004 15:27:27 +0200

Update of /tts
Modified Files:
        Branch: Version-0_9_16-branch
          newticket.php

date: 2004/09/30 13:27:27;  author: fipsfuchs;  state: Exp;  lines: +17 -17

Log Message:
security review
=====================================================================
Index: tts/newticket.php
diff -u tts/newticket.php:1.31.2.3.4.5 tts/newticket.php:1.31.2.3.4.6
--- tts/newticket.php:1.31.2.3.4.5      Thu Aug 12 09:04:24 2004
+++ tts/newticket.php   Thu Sep 30 13:27:27 2004
@@ -81,20 +81,20 @@
                $GLOBALS['phpgw']->db->query("insert into phpgw_tts_tickets 
(ticket_group,ticket_priority,ticket_owner,"
                        . 
"ticket_assignedto,ticket_subject,ticket_category,ticket_billable_hours,"
                        . 
"ticket_billable_rate,ticket_status,ticket_deadline,ticket_effort,ticket_type,ticket_platform,ticket_attachment,ticket_details)
 values ('"
-                        . $_POST['ticket']['group'] . "','"
-                       . $_POST['ticket']['priority'] . "','"
+      . (int) $_POST['ticket']['group'] . "','"
+                       . (int) $_POST['ticket']['priority'] . "','"
                        . $GLOBALS['phpgw_info']['user']['account_id'] . "','"
-                       . $_POST['ticket']['assignedto'] . "','"
-                       . $_POST['ticket']['subject'] . "','"
-                       . $_POST['ticket']['category'] . "','"
-                       . $_POST['ticket']['billable_hours'] . "','"
-                       . $_POST['ticket']['billable_rate'] . "','O','"
-                       . $_POST['ticket']['deadline']['year'] . "-" . 
$_POST['ticket']['deadline']['month'] . "-" . 
$_POST['ticket']['deadline']['day'] . "','"
-                       . $_POST['ticket']['effort'] . "','"
-                       . ($_POST['ticket']['type'] ? $_POST['ticket']['type'] 
: 0) . "','"
-                       . ($_POST['ticket']['platform'] ? 
$_POST['ticket']['platform'] : 0) . "','"
-                       . ($file_id ? $file_id : 0). "','"
-                       . addslashes($_POST['ticket']['details']) . 
"')",__LINE__,__FILE__);
+                       . (int) $_POST['ticket']['assignedto'] . "','"
+                       . 
$GLOBALS['phpgw']->db->db_addslashes($_POST['ticket']['subject']) . "','"
+                       . (int) $_POST['ticket']['category'] . "','"
+                       . (float) $_POST['ticket']['billable_hours'] . "','"
+                       . (float) $_POST['ticket']['billable_rate'] . "','O','"
+                       . (int) $_POST['ticket']['deadline']['year'] . "-" . 
$GLOBALS['phpgw']->db->db_addslashes($_POST['ticket']['deadline']['month']) . 
"-" . (int) $_POST['ticket']['deadline']['day'] . "','"
+                       . 
$GLOBALS['phpgw']->db->db_addslashes($_POST['ticket']['effort'])."','"
+                       . ((int) $_POST['ticket']['type'] ? (int) 
$_POST['ticket']['type'] : 0) . "','"
+                       . ((int) $_POST['ticket']['platform'] ? (int) 
$_POST['ticket']['platform'] : 0) . "','"
+                       . ((int) $file_id ? (int) $file_id : 0). "','"
+                       . 
$GLOBALS['phpgw']->db->db_addslashes($_POST['ticket']['details']) . 
"')",__LINE__,__FILE__);
 
                $ticket_id = 
$GLOBALS['phpgw']->db->get_last_insert_id('phpgw_tts_tickets','ticket_id');
 
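Review bot: The deadline month (the `db_addslashes(...['deadline']['month'])` call in the middle of the new INSERT) is the one date part that is escaped rather than cast, while year and day next to it are `(int)`; escaping only prevents quote breakout, it does not guarantee the value is numeric, so a non-numeric month still reaches the `ticket_deadline` column as a malformed date and the three parts should be handled the same way: `. (int) $_POST['ticket']['deadline']['year'] . "-" . (int) $_POST['ticket']['deadline']['month'] . "-" . (int) $_POST['ticket']['deadline']['day'] . "','"`. The `effort` field is likewise escaped rather than cast; if `ticket_effort` is numeric (I cannot tell from this hunk), `(int)`/`(float)` would be the consistent choice. More generally the statement is still assembled by string concatenation with per-field escaping, so the safety of every value now depends on each cast or `db_addslashes` call being present; a comment above the query such as `// every value below is (int)/(float) cast or db_addslashes()'d -- keep it that way when adding fields` would make that invariant visible to the next editor. The enclosing function begins before the hunk.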
@@ -165,8 +165,8 @@
                $GLOBALS['phpgw']->template->set_var('row_on', 
$GLOBALS['phpgw_info']['theme']['row_on']);
                $GLOBALS['phpgw']->template->set_var('th_bg', 
$GLOBALS['phpgw_info']['theme']['th_bg']);
 
-               
$GLOBALS['phpgw']->template->set_var('value_details',$ticket['details']);
-               
$GLOBALS['phpgw']->template->set_var('value_subject',$ticket['details']);
+               $GLOBALS['phpgw']->template->set_var('value_details', 
$ticket['details']); // check this line
+               $GLOBALS['phpgw']->template->set_var('value_subject', 
$ticket['details']); // check this line
                
$GLOBALS['phpgw']->template->set_var('value_billable_hours',($ticket['billable_hours']?$ticket['billable_hours']:'0.00'));
                
$GLOBALS['phpgw']->template->set_var('value_billable_hours_rate',($ticket['billable_rate']?$ticket['billable_rate']:'0.00'));
                
$GLOBALS['phpgw']->template->set_var('currency',$GLOBALS['phpgw_info']['user']['preferences']['common']['currency']);
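Review bot: The two lines marked `// check this line` are functionally unchanged from the removed ones: `value_subject` is still populated from `$ticket['details']` rather than the subject, and both values go into the template unescaped; a security-review commit should resolve the question the comment raises rather than leave it in the tree. If the template does not escape on output (I cannot see it here), the stored details are user-controlled and this is a stored-XSS sink, in which case I would write `$GLOBALS['phpgw']->template->set_var('value_details', htmlspecialchars($ticket['details']));` and `$GLOBALS['phpgw']->template->set_var('value_subject', htmlspecialchars($ticket['subject']));`, on the assumption that the row carries a `subject` key matching the `ticket_subject` column — confirm both against the template and the row-loading code. If the template is known to escape, replace the bare `// check this line` with a comment stating that, e.g. `// raw value: escaped by the template on output`. The enclosing function begins before the hunk.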



