appdb/. deletecomment.php commentview.php

WineHQ wineowner at wine.codeweavers.com
Fri Jul 7 12:16:43 CDT 2006 

ChangeSet ID:	26331
CVSROOT:	/opt/cvs-commit
Module name:	appdb
Changes by:	wineowner at winehq.org	2006/07/07 12:16:42

Modified files:
	.              : deletecomment.php commentview.php 

Log message:
	Jonathan Ernst <jonathan at ernstfamily.ch>
	Enable filtering in commentview.php and deletecomment.php

Patch: http://cvs.winehq.org/patch.py?id=26331

Old revision  New revision  Changes     Path
 1.28          1.29          +1 -6       appdb/deletecomment.php
 1.12          1.13          +1 -10      appdb/commentview.php

Index: appdb/deletecomment.php
diff -u -p appdb/deletecomment.php:1.28 appdb/deletecomment.php:1.29
--- appdb/deletecomment.php:1.28	7 Jul 2006 17:16:42 -0000
+++ appdb/deletecomment.php	7 Jul 2006 17:16:42 -0000
@@ -13,15 +13,10 @@
 // application environment
 include("path.php");
 require(BASE."include/incl.php");
+require(BASE."include/filter.php");
 require(BASE."include/application.php");
 require(BASE."include/mail.php");
 
-$aClean = array(); //array of filtered user input
-
-$aClean['sWhy'] = makeSafe($_REQUEST['sWhy']);
-$aClean['iCommentId'] = makeSafe($_REQUEST['iCommentId']);
-$aClean['iDeleteIt'] = makeSafe($_REQUEST['iDeleteIt']);
-
 $oComment = new Comment($aClean['iCommentId']);
 
 /**
Index: appdb/commentview.php
diff -u -p appdb/commentview.php:1.12 appdb/commentview.php:1.13
--- appdb/commentview.php:1.12	7 Jul 2006 17:16:42 -0000
+++ appdb/commentview.php	7 Jul 2006 17:16:42 -0000
@@ -10,20 +10,11 @@
  */
 include("path.php");
 include(BASE."include/incl.php");
+include(BASE."include/filter.php");
 require_once(BASE."include/comment.php");
 
-$aClean = array(); //array of filtered user input
-
-$aClean['iAppId'] = makeSafe($_REQUEST['iAppId']);
-$aClean['iVersionId'] = makeSafe($_REQUEST['iVersionId']);
-$aClean['iThreadId'] = makeSafe($_REQUEST['iThreadId']);
-
 apidb_header("Comments");
 
-
-if(!is_numeric($aClean['iAppId']) OR !is_numeric($aClean['iVersionId']) OR (!empty($aClean['iThreadId']) AND !is_numeric($aClean['iThreadId'])))
-    util_show_error_page_and_exit("Wrong IDs");
-
 view_app_comments($aClean['iVersionId'], $aClean['iThreadId']);
 
 apidb_footer();

More information about the wine-cvs mailing list