[Vtigercrm-commits] [vtiger-commits] r4851 - in /vtigercrm/branches/4.2_postgresql_integration/modules: Settings/SaveConvertLead.php Users/SaveOrgSharing.php
vtigercrm-commits at vtiger.fosslabs.com
vtigercrm-commits at vtiger.fosslabs.com
Mon Apr 3 16:01:18 EDT 2006
Author: allanbush
Date: Mon Apr 3 14:01:15 2006
New Revision: 4851
Log:
Added input sanitization before using it in a query. Refs #17.
Modified:
vtigercrm/branches/4.2_postgresql_integration/modules/Settings/SaveConvertLead.php
vtigercrm/branches/4.2_postgresql_integration/modules/Users/SaveOrgSharing.php
Modified: vtigercrm/branches/4.2_postgresql_integration/modules/Settings/SaveConvertLead.php
==============================================================================
--- vtigercrm/branches/4.2_postgresql_integration/modules/Settings/SaveConvertLead.php (original)
+++ vtigercrm/branches/4.2_postgresql_integration/modules/Settings/SaveConvertLead.php Mon Apr 3 14:01:15 2006
@@ -27,23 +27,23 @@
$contact_id_name=$lead_id."_contact";
$potential_id_name=$lead_id."_potential";
- $account_id_val=$_REQUEST[$account_id_name];
- $contact_id_val=$_REQUEST[$contact_id_name];
- $potential_id_val=$_REQUEST[$potential_id_name];
+ $account_id_val = (int) $_REQUEST[$account_id_name];
+ $contact_id_val = (int) $_REQUEST[$contact_id_name];
+ $potential_id_val = (int) $_REQUEST[$potential_id_name];
if($account_id_val=="None")
{
- $account_id_val="";
+ $account_id_val="null";
}
if($contact_id_val=="None")
{
- $contact_id_val="";
+ $contact_id_val="null";
}
if($potential_id_val =="None")
{
- $potential_id_val="";
+ $potential_id_val="null";
}
- $update_sql="update convertleadmapping set accountfid='".$account_id_val."',contactfid='".$contact_id_val."',potentialfid='".$potential_id_val."' where leadfid=".$lead_id;
+ $update_sql="update convertleadmapping set accountfid=".$account_id_val.",contactfid=".$contact_id_val.",potentialfid=".$potential_id_val." where leadfid=".$lead_id;
$adb->query($update_sql);
}
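Review bot: The `=="None"` checks now run after the `(int)` cast, so they never see the submitted string. They only match through PHP's loose int-to-string comparison when the cast yields 0, and under PHP 8 comparison rules they never match, so `0` would be stored instead of `null`. Test the raw value before casting, e.g. `$account_id_val = ($_REQUEST[$account_id_name] === "None") ? "null" : (int) $_REQUEST[$account_id_name];`, and likewise for the contact and potential values. Separately, `$lead_id` is still concatenated unquoted into `where leadfid=`. Its origin is outside this hunk, so if it is request-derived it needs the same `(int)` cast before the statement is built. The enclosing block starts above the hunk.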
Modified: vtigercrm/branches/4.2_postgresql_integration/modules/Users/SaveOrgSharing.php
==============================================================================
--- vtigercrm/branches/4.2_postgresql_integration/modules/Users/SaveOrgSharing.php (original)
+++ vtigercrm/branches/4.2_postgresql_integration/modules/Users/SaveOrgSharing.php Mon Apr 3 14:01:15 2006
@@ -23,7 +23,7 @@
if($tabid != 8 && $tab_id != 14 && $tab_id != 15 && $tab_id != 18 && $tab_id != 19 && $tab_id != 16 & $tab_id != 22)
{
$reqval = $tabid.'_per';
- $permission=$_REQUEST[$reqval];
+ $permission = (int) $_REQUEST[$reqval];
$sql7="update def_org_share set permission=".$permission." where tabid=".$tabid." and ruleid=".$ruleid;
//echo $sql7;
//echo '<BR>';
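Review bot: Only `$permission` is cast here, while `$tabid` and `$ruleid` are concatenated into the same `update def_org_share` statement without any visible cast or quoting. Where they are assigned is outside this hunk; if either can be influenced by the request, add `$tabid = (int) $tabid;` and `$ruleid = (int) $ruleid;` before `$sql7` is built. The cast also accepts any integer, so a check that `$permission` is one of the values the sharing model defines would be worth adding. The guard on the unchanged `if` line mixes `$tabid` with `$tab_id` and uses a single `&` before the last comparison, which looks unintended and deserves a follow-up. The `if` block continues past the end of the hunk.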