[Evolvis-commits] r209: SECURITY: pull upstream r8337 and r8361 to address CVE-2009-3303↵

mirabilos at evolvis.org mirabilos at evolvis.org
Mon Nov 23 16:36:23 CET 2009


Author: mirabilos
Date: 2009-11-23 15:36:23 +0000 (Mon, 23 Nov 2009)
New Revision: 209

Modified:
   trunk/gforge_base/gforge-4.8.1+evolvis/debian/changelog
   trunk/gforge_base/gforge-4.8.1+evolvis/www/help/tracker.php
   trunk/gforge_base/gforge-4.8.1+evolvis/www/include/pre.php
   trunk/gforge_base/gforge-4.8.1+evolvis/www/pm/reporting/index.php
   trunk/gforge_base/gforge-4.8.1+evolvis/www/project/stats/index.php
   trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/groupadded.php
   trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/groupadded_graph.php
   trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/groupcum.php
   trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/groupcum_graph.php
   trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/projectact.php
   trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/projectact_graph.php
   trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/projecttime.php
   trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/projecttime_graph.php
   trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/siteact_graph.php
   trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/sitetime.php
   trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/sitetime_graph.php
   trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/sitetimebar.php
   trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/sitetimebar_graph.php
   trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/timeadd.php
   trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/toolspie.php
   trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/toolspie_graph.php
   trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/trackerpie_graph.php
   trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/useract.php
   trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/useract_graph.php
   trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/useradded.php
   trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/useradded_graph.php
   trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/usercum.php
   trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/usercum_graph.php
   trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/usersummary.php
   trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/usertime_graph.php
   trunk/gforge_base/gforge-4.8.1+evolvis/www/tracker/browse.php
   trunk/gforge_base/gforge-4.8.1+evolvis/www/tracker/reporting/index.php
   trunk/gforge_base/gforge-4.8.1+evolvis/www/tracker/reporting/trackeract_graph.php
   trunk/gforge_base/gforge-4.8.1+evolvis/www/tracker/reporting/trackerpie_graph.php
Log:
SECURITY: pull upstream r8337 and r8361 to address CVE-2009-3303


Modified: trunk/gforge_base/gforge-4.8.1+evolvis/debian/changelog
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/debian/changelog	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/debian/changelog	2009-11-23 15:36:23 UTC (rev 209)
@@ -1,8 +1,9 @@
-gforge (4.8.1+evolvis-8) xunstable; urgency=low
+gforge (4.8.1+evolvis-8) unstable; urgency=low
 
   * gforge-plugin-mediawiki: provide commented-out import permissions
+  * Address cross-site scripting vulnerabilities (CVE-2009-3303)
 
- -- Thorsten Glaser <tg at mirbsd.de>  Wed, 18 Nov 2009 18:01:14 +0100
+ -- Thorsten Glaser <t.glaser at tarent.de>  Mon, 23 Nov 2009 16:35:46 +0100
 
 gforge (4.8.1+evolvis-7) unstable; urgency=low
 

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/help/tracker.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/help/tracker.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/help/tracker.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -28,7 +28,7 @@
 
 $helpname = getStringFromRequest('helpname');
 
-help_header('Tracker Help - ' . ucwords(str_replace('_',' ',$helpname)));
+help_header('Tracker Help - ' . htmlspecialchars(ucwords(str_replace('_',' ',$helpname))));
 ?>
 <table width="100%" cellpadding="0" cellspacing="0" border="0">
 <tr>
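Review bot: The `htmlspecialchars()` call added around the `help_header()` argument relies on the default flags, which on the PHP versions of this era leave single quotes unescaped and take the charset from the PHP default. How `help_header()` emits the title is not visible here, but if it ever lands inside a single-quoted attribute the value could still break out of it. I would pass the flags explicitly, e.g. `htmlspecialchars(ucwords(str_replace('_',' ',$helpname)), ENT_QUOTES)`, with the site's charset as the third argument. The same applies to `htmlspecialchars($helpname)` in the `default:` branch of the second hunk of this file, and to the two `htmlspecialchars()` calls on `PHP_SELF` added in www/include/pre.php.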
@@ -75,7 +75,7 @@
 			print( _('You can monitor or un-monitor this item by clicking the "Monitor" button. <br /><br /><strong>Note!</strong> this will send you additional email. If you add comments to this item, or submitted, or are assigned this item, you will also get emails for those reasons as well!'));
 			break;
 		default:
-			print( _('UNKNOWN HELP REQUEST:'). $helpname);
+			print( _('UNKNOWN HELP REQUEST:'). htmlspecialchars($helpname));
 			break;
 	}
 ?>

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/include/pre.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/include/pre.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/include/pre.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -11,6 +11,14 @@
 // escaping lib
 require_once $gfcommon.'include/escapingUtils.php';
 
+if (isset($_SERVER) && array_key_exists('PHP_SELF', $_SERVER) && $_SERVER['PHP_SELF']) {
+	$_SERVER['PHP_SELF'] = htmlspecialchars($_SERVER['PHP_SELF']);
+}
+
+if (isset($GLOBALS) && array_key_exists('PHP_SELF', $GLOBALS) && $GLOBALS['PHP_SELF']) {
+	$GLOBALS['PHP_SELF'] = htmlspecialchars($GLOBALS['PHP_SELF']);
+}
+
 // Just say no to link prefetching (Moz prefetching, Google Web Accelerator, others)
 // http://www.google.com/webmasters/faq.html#prefetchblock
 if (getStringFromServer('HTTP_X_moz') === 'prefetch'){
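Review bot: Escaping `$_SERVER['PHP_SELF']` and `$GLOBALS['PHP_SELF']` in place at bootstrap changes the value for every later reader, not only for HTML output. Any code that uses it in a non-HTML context (a redirect header, a string comparison, a path) now sees entity-encoded text, and any template that already escapes it will double-encode `&`. A comment above the block would make the contract explicit, for example `// PHP_SELF is HTML-escaped from here on: do not escape it again, do not use it outside HTML output`. Other request-derived server values are not touched by this block, so pages that print those still need escaping at the point of output.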

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/pm/reporting/index.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/pm/reporting/index.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/pm/reporting/index.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -86,8 +86,8 @@
 	$period_clause=period2sql($period,$span,"start_date");
 
 	if ($what=="aging") {
-		$start = getStringFromRequest('start');
-		$end = getStringFromRequest('end');
+		$start = getIntFromRequest('start');
+		$end = getIntFromRequest('end');
 
 		pm_header(array ("title"=>_('Aging Report')));
 		pm_reporting_header($group_id);

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/project/stats/index.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/project/stats/index.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/project/stats/index.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -29,10 +29,11 @@
 }
 
 $area = getStringFromRequest('area');
-$SPAN = getStringFromRequest('SPAN');
-$start = getStringFromRequest('start');
-$end = getStringFromRequest('end');
+$SPAN = getIntFromRequest('SPAN');
+$start = getIntFromRequest('start');
+$end = getIntFromRequest('end');
 
+
 if (!$start) {
 	$z =& $report->getMonthStartArr();
 	$start = $z[count($z)-1];

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/groupadded.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/groupadded.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/groupadded.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -34,9 +34,9 @@
 	exit_error('Error',$report->getErrorMessage());
 }
 
-$SPAN = getStringFromRequest('SPAN');
-$start = getStringFromRequest('start');
-$end = getStringFromRequest('end');
+$SPAN = getIntFromRequest('SPAN');
+$start = getIntFromRequest('start');
+$end = getIntFromRequest('end');
 
 if (!$start) {
 	$z =& $report->getMonthStartArr();

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/groupadded_graph.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/groupadded_graph.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/groupadded_graph.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -32,9 +32,9 @@
 
 session_require( array('group'=>$sys_stats_group) );
 
-$SPAN = getStringFromRequest('SPAN');
-$start = getStringFromRequest('start');
-$end = getStringFromRequest('end');
+$SPAN = getIntFromRequest('SPAN');
+$start = getIntFromRequest('start');
+$end = getIntFromRequest('end');
 
 //
 //	Create Report

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/groupcum.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/groupcum.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/groupcum.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -34,9 +34,9 @@
 	exit_error($report->getErrorMessage());
 }
 
-$SPAN = getStringFromRequest('SPAN');
-$start = getStringFromRequest('start');
-$end = getStringFromRequest('end');
+$SPAN = getIntFromRequest('SPAN');
+$start = getIntFromRequest('start');
+$end = getIntFromRequest('end');
 
 if (!$start) {
 	$z =& $report->getMonthStartArr();

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/groupcum_graph.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/groupcum_graph.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/groupcum_graph.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -32,9 +32,9 @@
 
 session_require( array('group'=>$sys_stats_group) );
 
-$SPAN = getStringFromRequest('SPAN');
-$start = getStringFromRequest('start');
-$end = getStringFromRequest('end');
+$SPAN = getIntFromRequest('SPAN');
+$start = getIntFromRequest('start');
+$end = getIntFromRequest('end');
 
 //
 //	Create Report

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/projectact.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/projectact.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/projectact.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -38,9 +38,9 @@
 
 $g_id = getStringFromRequest('g_id');
 $area = getStringFromRequest('area');
-$SPAN = getStringFromRequest('SPAN');
-$start = getStringFromRequest('start');
-$end = getStringFromRequest('end');
+$SPAN = getIntFromRequest('SPAN');
+$start = getIntFromRequest('start');
+$end = getIntFromRequest('end');
 
 if (!$start) {
 	$z =& $report->getMonthStartArr();
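Review bot: `$g_id` in the context line above the change is still read with `getStringFromRequest('g_id')`, while www/reporting/projectact_graph.php in this same commit switches it to `getIntFromRequest('g_id')`. The rest of the script is outside the hunk, but if the value reaches HTML or SQL further down it is still arbitrary request text; `$g_id = getIntFromRequest('g_id');` would make the two files agree. The same pattern is left in projecttime.php and projecttime_graph.php (`g_id`), in useract.php, useract_graph.php and usertime_graph.php (`dev_id`), and in the three tracker/reporting files (`atid`), all of which look like numeric ids.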

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/projectact_graph.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/projectact_graph.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/projectact_graph.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -32,16 +32,11 @@
 require_once $gfwww.'include/unicode.php';
 
 $area = getStringFromRequest('area');
-$SPAN = getStringFromRequest('SPAN');
-$start = getStringFromRequest('start');
-$end = getStringFromRequest('end');
-$g_id = getStringFromRequest('g_id');
+$SPAN = getIntFromRequest('SPAN', 1);
+$start = getIntFromRequest('start');
+$end = getIntFromRequest('end');
+$g_id = getIntFromRequest('g_id');
 
-
-if (!$SPAN) {
-	$SPAN=1;
-}
-
 if (!$area) {
 	$area='tracker';
 }
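Review bot: Replacing the removed `if (!$SPAN) { $SPAN=1; }` fallback with `getIntFromRequest('SPAN', 1)` may not be equivalent. If the helper applies its default only when the parameter is absent (its body is not shown here), a request with `SPAN=0` or a non-numeric `SPAN` now yields 0, where the old code forced 1. Keeping the guard after the cast, `if (!$SPAN) { $SPAN = 1; }`, preserves the old behaviour for those inputs.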

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/projecttime.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/projecttime.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/projecttime.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -40,8 +40,8 @@
 $typ = getStringFromRequest('typ');
 $g_id = getStringFromRequest('g_id');
 $typ = getStringFromRequest('typ');
-$start = getStringFromRequest('start');
-$end = getStringFromRequest('end');
+$start = getIntFromRequest('start');
+$end = getIntFromRequest('end');
 
 if (!$start) {
 	$z =& $report->getMonthStartArr();

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/projecttime_graph.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/projecttime_graph.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/projecttime_graph.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -36,8 +36,8 @@
 
 $g_id = getStringFromRequest('g_id');
 $type = getStringFromRequest('type');
-$start = getStringFromRequest('start');
-$end = getStringFromRequest('end');
+$start = getIntFromRequest('start');
+$end = getIntFromRequest('end');
 
 //
 //	Create Report

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/siteact_graph.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/siteact_graph.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/siteact_graph.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -34,9 +34,9 @@
 session_require( array('group'=>$sys_stats_group) );
 
 $area = getStringFromRequest('area');
-$SPAN = getStringFromRequest('SPAN');
-$start = getStringFromRequest('start');
-$end = getStringFromRequest('end');
+$SPAN = getIntFromRequest('SPAN');
+$start = getIntFromRequest('start');
+$end = getIntFromRequest('end');
 
 //
 //	Create Report

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/sitetime.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/sitetime.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/sitetime.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -38,8 +38,8 @@
 
 $typ = getStringFromRequest('typ');
 $type = getStringFromRequest('type');
-$start = getStringFromRequest('start');
-$end = getStringFromRequest('end');
+$start = getIntFromRequest('start');
+$end = getIntFromRequest('end');
 
 if (!$start) {
 	$z =& $report->getMonthStartArr();

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/sitetime_graph.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/sitetime_graph.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/sitetime_graph.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -34,8 +34,8 @@
 
 session_require( array('group'=>$sys_stats_group) );
 
-$start = getStringFromRequest('start');
-$end = getStringFromRequest('end');
+$start = getIntFromRequest('start');
+$end = getIntFromRequest('end');
 $type = getStringFromRequest('type');
 
 //

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/sitetimebar.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/sitetimebar.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/sitetimebar.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -37,8 +37,8 @@
 }
 
 $typ = getStringFromRequest('typ');
-$start = getStringFromRequest('start');
-$end = getStringFromRequest('end');
+$start = getIntFromRequest('start');
+$end = getIntFromRequest('end');
 
 if (!$start) {
 	$z =& $report->getMonthStartArr();

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/sitetimebar_graph.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/sitetimebar_graph.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/sitetimebar_graph.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -45,8 +45,8 @@
 	exit;
 }
 
-$start = getStringFromRequest('start');
-$end = getStringFromRequest('end');
+$start = getIntFromRequest('start');
+$end = getIntFromRequest('end');
 
 if (!$start) {
 	$start=mktime(0,0,0,date('m'),1,date('Y'));;

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/timeadd.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/timeadd.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/timeadd.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -83,7 +83,7 @@
 		}
 
 	} elseif (getStringFromRequest('add')) {
-		$days_adjust = getStringFromRequest('days_adjust');
+		$days_adjust = getIntFromRequest('days_adjust');
 
 		if ($project_task_id && $week && $days_adjust && $time_code && $hours) {
 
@@ -99,7 +99,7 @@
 				$feedback.=_('Successfully Added');
 			}
 		} else {
-			echo "$project_task_id && $week && $days_adjust && $time_code && $hours";
+			echo "INTERNAL ERROR: add: $project_task_id && $week && $days_adjust && $time_code && $hours";
 			exit_error('Error',_('All Fields Are Required.'));
 		}
 
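Review bot: The reworded `echo "INTERNAL ERROR: add: ..."` still prints `$project_task_id`, `$week`, `$time_code` and `$hours` straight into the page. Their assignments are outside the hunk; if any of them is read with `getStringFromRequest()`, this debug line remains an unescaped output of request data in a commit whose purpose is to close exactly that. Either drop the echo and rely on `exit_error()`, or escape the whole string: `echo htmlspecialchars("INTERNAL ERROR: add: $project_task_id && $week && $days_adjust && $time_code && $hours", ENT_QUOTES);`.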

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/toolspie.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/toolspie.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/toolspie.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -35,8 +35,8 @@
 }
 
 $datatype = getStringFromRequest('datatype');
-$start = getStringFromRequest('start');
-$end = getStringFromRequest('end');
+$start = getIntFromRequest('start');
+$end = getIntFromRequest('end');
 
 if (!$start) {
 	$z =& $report->getMonthStartArr();

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/toolspie_graph.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/toolspie_graph.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/toolspie_graph.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -48,8 +48,8 @@
 }
 
 $datatype = getIntFromRequest('datatype');
-$start = getStringFromRequest('start');
-$end = getStringFromRequest('end');
+$start = getIntFromRequest('start');
+$end = getIntFromRequest('end');
 
 if (!isset($datatype)) {
 	$datatype=1;

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/trackerpie_graph.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/trackerpie_graph.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/trackerpie_graph.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -49,8 +49,8 @@
 }
 
 $area = getStringFromRequest('area');
-$start = getStringFromRequest('start');
-$end = getStringFromRequest('end');
+$start = getIntFromRequest('start');
+$end = getIntFromRequest('end');
 
 if (!isset($area)) {
 	$area='category';

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/useract.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/useract.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/useract.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -39,9 +39,9 @@
 $sw = getStringFromRequest('sw');
 $dev_id = getStringFromRequest('dev_id');
 $area = getStringFromRequest('area');
-$SPAN = getStringFromRequest('SPAN');
-$start = getStringFromRequest('start');
-$end = getStringFromRequest('end');
+$SPAN = getIntFromRequest('SPAN');
+$start = getIntFromRequest('start');
+$end = getIntFromRequest('end');
 
 if (!$start) {
 	$z =& $report->getMonthStartArr();

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/useract_graph.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/useract_graph.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/useract_graph.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -34,9 +34,9 @@
 session_require( array('group'=>$sys_stats_group) );
 
 $dev_id = getStringFromRequest('dev_id');
-$SPAN = getStringFromRequest('SPAN');
-$start = getStringFromRequest('start');
-$end = getStringFromRequest('end');
+$SPAN = getIntFromRequest('SPAN');
+$start = getIntFromRequest('start');
+$end = getIntFromRequest('end');
 $area = getStringFromRequest('area');
 
 //

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/useradded.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/useradded.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/useradded.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -34,9 +34,9 @@
 	exit_error('Error',$report->getErrorMessage());
 }
 
-$SPAN = getStringFromRequest('SPAN');
-$start = getStringFromRequest('start');
-$end = getStringFromRequest('end');
+$SPAN = getIntFromRequest('SPAN');
+$start = getIntFromRequest('start');
+$end = getIntFromRequest('end');
 
 if (!$start) {
 	$z =& $report->getMonthStartArr();

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/useradded_graph.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/useradded_graph.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/useradded_graph.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -32,9 +32,9 @@
 
 session_require( array('group'=>$sys_stats_group) );
 
-$SPAN = getStringFromRequest('SPAN');
-$start = getStringFromRequest('start');
-$end = getStringFromRequest('end');
+$SPAN = getIntFromRequest('SPAN');
+$start = getIntFromRequest('start');
+$end = getIntFromRequest('end');
 
 //
 //	Create Report

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/usercum.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/usercum.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/usercum.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -34,9 +34,9 @@
 	exit_error($report->getErrorMessage());
 }
 
-$SPAN = getStringFromRequest('SPAN');
-$start = getStringFromRequest('start');
-$end = getStringFromRequest('end');
+$SPAN = getIntFromRequest('SPAN');
+$start = getIntFromRequest('start');
+$end = getIntFromRequest('end');
 
 if (!$start) {
 	$z =& $report->getMonthStartArr();

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/usercum_graph.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/usercum_graph.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/usercum_graph.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -32,9 +32,9 @@
 
 session_require( array('group'=>$sys_stats_group) );
 
-$SPAN = getStringFromRequest('SPAN');
-$start = getStringFromRequest('start');
-$end = getStringFromRequest('end');
+$SPAN = getIntFromRequest('SPAN');
+$start = getIntFromRequest('start');
+$end = getIntFromRequest('end');
 
 //
 //	Create Report

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/usersummary.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/usersummary.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/usersummary.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -36,8 +36,8 @@
 	exit_error($report->getErrorMessage());
 }
 
-$start = getStringFromRequest('start');
-$end = getStringFromRequest('end');
+$start = getIntFromRequest('start');
+$end = getIntFromRequest('end');
 $tstat = getStringFromRequest('tstat');
 
 if (!$start) {

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/usertime_graph.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/usertime_graph.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/reporting/usertime_graph.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -36,8 +36,8 @@
 
 $dev_id = getStringFromRequest('dev_id');
 $type = getStringFromRequest('type');
-$start = getStringFromRequest('start');
-$end = getStringFromRequest('end');
+$start = getIntFromRequest('start');
+$end = getIntFromRequest('end');
 
 //
 //	Create Report

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/tracker/browse.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/tracker/browse.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/tracker/browse.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -16,6 +16,8 @@
 	exit_permission_denied();
 }
 
+$query_id = getIntFromRequest('query_id');
+
 //
 //	The browse page can be powered by a pre-saved query
 //	or by select boxes chosen by the user
@@ -26,8 +28,6 @@
 //	If the query_id = -1, unset the pref and use regular browse boxes
 //
 if (session_loggedin()) {
-	$query_id = getIntFromRequest('query_id');
-
 	if($query_id) {
 		if ($query_id == '-1') {
 			$u =& session_get_user();
@@ -59,13 +59,13 @@
 	$_sort_ord = 'DESC';
 }
 
-$offset = @getStringFromRequest('offset',$offset);
-$_sort_col = @getStringFromRequest('_sort_col',$_sort_col);
-$_sort_ord = @getStringFromRequest('_sort_ord',$_sort_ord);
-$max_rows = @getStringFromRequest('max_rows',$max_rows);
-$set = @getStringFromRequest('set',$set);
-$_assigned_to = @getStringFromRequest('_assigned_to',$_assigned_to);
-$_status = @getStringFromRequest('_status',$_status);
+$offset = getStringFromRequest('offset',$offset);
+$_sort_col = getStringFromRequest('_sort_col',$_sort_col);
+$_sort_ord = getStringFromRequest('_sort_ord',$_sort_ord);
+$max_rows = getStringFromRequest('max_rows',$max_rows);
+$set = getStringFromRequest('set',$set);
+$_assigned_to = getIntFromRequest('_assigned_to',$_assigned_to);
+$_status = getIntFromRequest('_status',$_status);
 $_extra_fields = array() ;
 $aux_extra_fields = array() ;
 if ($set == 'custom') {
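Review bot: `$offset` and `$max_rows` are still read with `getStringFromRequest()` although they look like integers, and `$_sort_col` / `$_sort_ord` stay free-form strings. Where they are used is outside the hunk, but if they feed a paging or ordering clause or are echoed into paging links they need the same treatment as `_assigned_to` and `_status`: `getIntFromRequest('offset',$offset)` and `getIntFromRequest('max_rows',$max_rows)`, plus a check of the sort values against a fixed list of column names and `ASC`/`DESC`. Dropping the `@` also means that a default such as `$offset`, if it is not initialised earlier in the file, now raises a notice, so the defaults should be set before these lines.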

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/tracker/reporting/index.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/tracker/reporting/index.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/tracker/reporting/index.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -34,9 +34,9 @@
 $group_id = getIntFromRequest('group_id');
 $atid = getStringFromRequest('atid');
 $area = getStringFromRequest('area');
-$SPAN = getStringFromRequest('SPAN');
-$start = getStringFromRequest('start');
-$end = getStringFromRequest('end');
+$SPAN = getIntFromRequest('SPAN');
+$start = getIntFromRequest('start');
+$end = getIntFromRequest('end');
 
 $report=new Report();
 if ($report->isError()) {

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/tracker/reporting/trackeract_graph.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/tracker/reporting/trackeract_graph.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/tracker/reporting/trackeract_graph.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -32,9 +32,9 @@
 
 $group_id = getIntFromRequest('group_id');
 $atid = getStringFromRequest('atid');
-$SPAN = getStringFromRequest('SPAN');
-$start = getStringFromRequest('start');
-$end = getStringFromRequest('end');
+$SPAN = getIntFromRequest('SPAN');
+$start = getIntFromRequest('start');
+$end = getIntFromRequest('end');
 
 if (!$SPAN) {
 	$SPAN=REPORT_TYPE_MONTHLY;

Modified: trunk/gforge_base/gforge-4.8.1+evolvis/www/tracker/reporting/trackerpie_graph.php
===================================================================
--- trunk/gforge_base/gforge-4.8.1+evolvis/www/tracker/reporting/trackerpie_graph.php	2009-11-23 09:33:53 UTC (rev 208)
+++ trunk/gforge_base/gforge-4.8.1+evolvis/www/tracker/reporting/trackerpie_graph.php	2009-11-23 15:36:23 UTC (rev 209)
@@ -37,9 +37,9 @@
 $group_id = getIntFromRequest('group_id');
 $atid = getStringFromRequest('atid');
 $area = getStringFromRequest('area');
-$SPAN = getStringFromRequest('SPAN');
-$start = getStringFromRequest('start');
-$end = getStringFromRequest('end');
+$SPAN = getIntFromRequest('SPAN');
+$start = getIntFromRequest('start');
+$end = getIntFromRequest('end');
 //
 //	Create Report
 //



