appdb/include application.php

Fri Jul 7 14:23:58 CDT 2006

ChangeSet ID:	26346
CVSROOT:	/opt/cvs-commit
Module name:	appdb
Changes by:	wineowner at winehq.org	2006/07/07 14:23:58

Modified files:
	include        : application.php 

Log message:
	Chris Morgan <cmorgan at alum.wpi.edu>
	application::display() should use the class internal iAppId instead of any $_REQUEST data

Patch: http://cvs.winehq.org/patch.py?id=26346

Old revision  New revision  Changes     Path
 1.61          1.62          +2 -6       appdb/include/application.php

Index: appdb/include/application.php
diff -u -p appdb/include/application.php:1.61 appdb/include/application.php:1.62

--- appdb/include/application.php:1.61	7 Jul 2006 19:23:58 -0000
+++ appdb/include/application.php	7 Jul 2006 19:23:58 -0000
@@ -514,10 +514,6 @@ class Application {
     /* display this application */
     function display()
     {
-        $aClean = array(); //array of filtered user input
-
-        $aClean['iAppId'] = makeSafe($_REQUEST['iAppId']);
-
         /* is this user supposed to view this version? */
         if(!$_SESSION['current']->canViewApplication($this))
             util_show_error_page_and_exit("Something went wrong with the application or version id");
@@ -557,7 +553,7 @@ class Application {
 
         // optional links
         $result = query_parameters("SELECT * FROM appData WHERE appId = '?' AND versionID = 0 AND type = 'url'",
-                                   $aClean['iAppId']);
+                                   $this->iAppId);
         if($result && mysql_num_rows($result) > 0)
         {
             echo "        <tr class=\"color1\"><td> <b>Links</b></td><td>\n";
@@ -614,7 +610,7 @@ class Application {
             
             if($_SESSION['current']->isSuperMaintainer($this->iAppId) || $_SESSION['current']->hasPriv("admin"))
             {
-                echo '        <form method="post" name="sEdit" action="admin/editAppFamily.php"><input type="hidden" name="iAppId" value="'.$aClean['iAppId'].'"><input type="submit" value="Edit Application" class="button"></form>';
+                echo '        <form method="post" name="sEdit" action="admin/editAppFamily.php"><input type="hidden" name="iAppId" value="'.$this->iAppId.'"><input type="submit" value="Edit Application" class="button"></form>';
             }
             if($_SESSION['current']->isLoggedIn())
             {

