

mantisbt account_page.php, 1.51, 1.52 adm_config_report.php, 1.5, 1.6 billi: msg#00063

Subject: mantisbt account_page.php, 1.51, 1.52 adm_config_report.php, 1.5, 1.6 billing_inc.php, 1.4, 1.5 bug_report_advanced_page.php, 1.58, 1.59 bug_report_page.php, 1.59, 1.60 bug_update_advanced_page.php, 1.95, 1.96 bug_update_page.php, 1.95, 1.96 bug_view_advanced_page.php, 1.82, 1.83 bug_view_page.php, 1.84, 1.85 manage_proj_edit_page.php, 1.97, 1.98 manage_user_create.php, 1.22, 1.23 manage_user_edit_page.php, 1.16, 1.17 manage_user_page.php, 1.62, 1.63 manage_user_update.php, 1.38, 1.39 print_all_bug_page.php, 1.87, 1.88 print_bug_page.php, 1.58, 1.59
Update of /cvsroot/mantisbt/mantisbt
In directory sc8-pr-cvs7.sourceforge.net:/tmp/cvs-serv25458

Modified Files:
        account_page.php adm_config_report.php billing_inc.php 
        bug_report_advanced_page.php bug_report_page.php 
        bug_update_advanced_page.php bug_update_page.php 
        bug_view_advanced_page.php bug_view_page.php 
        manage_proj_edit_page.php manage_user_create.php 
        manage_user_edit_page.php manage_user_page.php 
        manage_user_update.php print_all_bug_page.php 
        print_bug_page.php 
Log Message:
Fixed #7795: Port 7784: sec fix.

Index: bug_view_advanced_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/bug_view_advanced_page.php,v
retrieving revision 1.82
retrieving revision 1.83
diff -u -d -r1.82 -r1.83
--- bug_view_advanced_page.php  11 Nov 2006 07:37:59 -0000      1.82
+++ bug_view_advanced_page.php  6 Mar 2007 07:05:18 -0000       1.83
@@ -485,7 +485,7 @@
 ?>
        <tr <?php echo helper_alternate_class() ?>>
                <td class="category">
-                       <?php echo lang_get_defaulted( $t_def['name'] ) ?>
+                       <?php echo string_display( lang_get_defaulted( 
$t_def['name'] ) ) ?>
                </td>
                <td colspan="5">
                <?php print_custom_field_value( $t_def, $t_id, $f_bug_id ); ?>

Index: account_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/account_page.php,v
retrieving revision 1.51
retrieving revision 1.52
diff -u -d -r1.51 -r1.52
--- account_page.php    17 Jul 2005 21:56:21 -0000      1.51
+++ account_page.php    6 Mar 2007 07:05:18 -0000       1.52
@@ -187,7 +187,7 @@
                        <?php echo lang_get( 'realname' ) ?>
                </td>
                <td>
-                       <input type="text" size="32" maxlength="64" 
name="realname" value="<?php echo $u_realname ?>" />
+                       <input type="text" size="32" maxlength="64" 
name="realname" value="<?php echo string_attribute( $u_realname ) ?>" />
                </td>
        </tr>
 

Index: billing_inc.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/billing_inc.php,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -d -r1.4 -r1.5
--- billing_inc.php     7 Jan 2007 11:36:48 -0000       1.4
+++ billing_inc.php     6 Mar 2007 07:05:18 -0000       1.5
@@ -131,7 +131,7 @@
 <tr <?php echo helper_alternate_class() ?>>
        <td class="small-caption">&nbsp;</td>
        <td class="small-caption">
-               <?php echo $t_item['username'] ?>
+               <?php echo string_display( $t_item['username'] ) ?>
        </td>
        <td class="small-caption">
                <?php echo $t_item['sum_time_tracking'] ?>

Index: manage_user_create.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/manage_user_create.php,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -d -r1.22 -r1.23
--- manage_user_create.php      21 Mar 2005 20:48:55 -0000      1.22
+++ manage_user_create.php      6 Mar 2007 07:05:18 -0000       1.23
@@ -36,6 +36,7 @@
        #  blank password (don't want to prompt the user if the process will 
fail
        #  anyway)
        user_ensure_name_valid( $f_username );
+       user_ensure_realname_valid( $f_username );
 
        if ( $f_password != $f_password_verify ) {
                trigger_error( ERROR_USER_CREATE_PASSWORD_MISMATCH, ERROR );
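
Review bot: the added line validates the wrong variable: `user_ensure_realname_valid( $f_username )` passes the username, so the real name submitted on the create form is never checked here. The matching hunk in manage_user_update.php passes `$f_realname`; assuming the form value is read into a variable of the same name in this file, the line should read `user_ensure_realname_valid( $f_realname );`. As written, the username is validated twice and the real name is stored at account creation without the check this commit adds on update.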

Index: bug_view_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/bug_view_page.php,v
retrieving revision 1.84
retrieving revision 1.85
diff -u -d -r1.84 -r1.85
--- bug_view_page.php   4 Jan 2007 10:07:44 -0000       1.84
+++ bug_view_page.php   6 Mar 2007 07:05:18 -0000       1.85
@@ -359,7 +359,7 @@
 ?>
        <tr <?php echo helper_alternate_class() ?>>
                <td class="category">
-                       <?php echo lang_get_defaulted( $t_def['name'] ) ?>
+                       <?php echo string_display( lang_get_defaulted( 
$t_def['name'] ) ) ?>
                </td>
                <td colspan="5">
                        <?php print_custom_field_value( $t_def, $t_id, 
$f_bug_id ); ?>

Index: print_bug_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/print_bug_page.php,v
retrieving revision 1.58
retrieving revision 1.59
diff -u -d -r1.58 -r1.59
--- print_bug_page.php  12 Aug 2006 08:04:13 -0000      1.58
+++ print_bug_page.php  6 Mar 2007 07:05:18 -0000       1.59
@@ -249,7 +249,7 @@
 ?>
 <tr class="print">
        <td class="print-category">
-               <?php echo lang_get_defaulted( $t_def['name'] ) ?>:
+               <?php echo string_display( lang_get_defaulted( $t_def['name'] ) 
) ?>:
        </td>
        <td class="print" colspan="4">
                <?php print_custom_field_value( $t_def, $t_id, $f_bug_id ); ?>

Index: bug_report_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/bug_report_page.php,v
retrieving revision 1.59
retrieving revision 1.60
diff -u -d -r1.59 -r1.60
--- bug_report_page.php 12 Aug 2006 08:04:13 -0000      1.59
+++ bug_report_page.php 6 Mar 2007 07:05:18 -0000       1.60
@@ -264,7 +264,7 @@
                <?php if( $t_def['require_report'] ) { ?>
                        <span class="required">*</span>
                <?php } ?>
-               <?php echo lang_get_defaulted( $t_def['name'] ) ?>
+               <?php echo string_display( lang_get_defaulted( $t_def['name'] ) 
) ?>
        </td>
        <td>
                <?php print_custom_field_input( $t_def, ( $f_master_bug_id === 
0 ) ? null : $f_master_bug_id ) ?>

Index: manage_user_update.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/manage_user_update.php,v
retrieving revision 1.38
retrieving revision 1.39
diff -u -d -r1.38 -r1.39
--- manage_user_update.php      26 Mar 2006 10:35:33 -0000      1.38
+++ manage_user_update.php      6 Mar 2007 07:05:18 -0000       1.39
@@ -37,6 +37,9 @@
         && false == user_is_name_unique( $f_username ) ) {
                trigger_error( ERROR_USER_NAME_NOT_UNIQUE, ERROR );
        }
+
+       user_ensure_name_valid( $f_username );
+       user_ensure_realname_valid( $f_realname );
        user_ensure_realname_unique( $f_username, $f_realname );
 
        $f_email = email_append_domain( $f_email );
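
Review bot: the new `user_ensure_name_valid( $f_username )` call sits after the `user_is_name_unique( $f_username )` test shown in the leading context, so an invalid name is tested for uniqueness before it is rejected. Moving the two validity checks above the uniqueness condition would reject malformed input first and leave the uniqueness tests to run only on names that already passed validation.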

Index: bug_report_advanced_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/bug_report_advanced_page.php,v
retrieving revision 1.58
retrieving revision 1.59
diff -u -d -r1.58 -r1.59
--- bug_report_advanced_page.php        15 Aug 2006 07:11:23 -0000      1.58
+++ bug_report_advanced_page.php        6 Mar 2007 07:05:18 -0000       1.59
@@ -378,7 +378,7 @@
 ?>
 <tr <?php echo helper_alternate_class() ?>>
        <td class="category">
-               <?php if($t_def['require_report']) {?><span 
class="required">*</span><?php } ?><?php echo lang_get_defaulted( 
$t_def['name'] ) ?>
+               <?php if($t_def['require_report']) {?><span 
class="required">*</span><?php } ?><?php echo string_display( 
lang_get_defaulted( $t_def['name'] ) ) ?>
        </td>
        <td>
                <?php print_custom_field_input( $t_def, ( $f_master_bug_id === 
0 ) ? null : $f_master_bug_id ) ?>

Index: bug_update_advanced_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/bug_update_advanced_page.php,v
retrieving revision 1.95
retrieving revision 1.96
diff -u -d -r1.95 -r1.96
--- bug_update_advanced_page.php        4 Jan 2007 10:07:44 -0000       1.95
+++ bug_update_advanced_page.php        6 Mar 2007 07:05:18 -0000       1.96
@@ -480,7 +480,7 @@
 ?>
 <tr <?php echo helper_alternate_class() ?>>
        <td class="category">
-               <?php if($t_def['require_update']) {?><span 
class="required">*</span><?php } ?><?php echo lang_get_defaulted( 
$t_def['name'] ) ?>
+               <?php if($t_def['require_update']) {?><span 
class="required">*</span><?php } ?><?php echo string_display( 
lang_get_defaulted( $t_def['name'] ) ) ?>
        </td>
        <td colspan="5">
                <?php

Index: manage_proj_edit_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/manage_proj_edit_page.php,v
retrieving revision 1.97
retrieving revision 1.98
diff -u -d -r1.97 -r1.98
--- manage_proj_edit_page.php   21 Apr 2006 10:36:19 -0000      1.97
+++ manage_proj_edit_page.php   6 Mar 2007 07:05:18 -0000       1.98
@@ -477,7 +477,7 @@
        ?>
                        <tr <?php echo helper_alternate_class() ?>>
                                <td>
-                                       <?php echo $t_desc['name'] ?>
+                                       <?php echo string_display( 
$t_desc['name'] ) ?>
                                </td>
                                <td>
 <form method="post" action="manage_proj_custom_field_update.php">
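
Review bot: `string_display( $t_desc['name'] )` escapes the custom field name but, unlike the other custom field hunks in this commit, does not pass it through `lang_get_defaulted()` first. If showing the raw name is intended on the management page, a short comment saying so would help; otherwise wrap it the same way so the label matches what the bug pages display.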

Index: manage_user_edit_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/manage_user_edit_page.php,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -d -r1.16 -r1.17
--- manage_user_edit_page.php   26 Mar 2006 10:35:33 -0000      1.16
+++ manage_user_edit_page.php   6 Mar 2007 07:05:18 -0000       1.17
@@ -55,7 +55,7 @@
                <?php echo lang_get( 'realname' ) ?>:
        </td>
        <td width="70%">
-               <input type="text" size="16" maxlength="100" name="realname" 
value="<?php echo $t_user['realname'] ?>" />
+               <input type="text" size="16" maxlength="100" name="realname" 
value="<?php echo string_attribute( $t_user['realname'] ) ?>" />
        </td>
 </tr>
 

Index: adm_config_report.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/adm_config_report.php,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- adm_config_report.php       12 Sep 2006 03:38:57 -0000      1.5
+++ adm_config_report.php       6 Mar 2007 07:05:18 -0000       1.6
@@ -41,7 +41,7 @@
                                return;
                        case CONFIG_TYPE_STRING:
                                $t_value = config_eval( $p_value );
-                               echo "'$t_value'";
+                               echo "'" . string_display( $t_value ) . "'";
                                return;
                        case CONFIG_TYPE_COMPLEX:
                                $t_value = unserialize( $p_value );
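
Review bot: only the `CONFIG_TYPE_STRING` branch gets `string_display()`; the `CONFIG_TYPE_COMPLEX` branch that begins in the trailing context unserializes `$p_value`, and how it prints the result is outside this hunk. Please confirm that branch escapes its output as well, since the value comes from the same stored configuration and is rendered in the same report.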

Index: bug_update_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/bug_update_page.php,v
retrieving revision 1.95
retrieving revision 1.96
diff -u -d -r1.95 -r1.96
--- bug_update_page.php 4 Jan 2007 10:07:44 -0000       1.95
+++ bug_update_page.php 6 Mar 2007 07:05:18 -0000       1.96
@@ -356,7 +356,7 @@
 ?>
 <tr <?php echo helper_alternate_class() ?>>
        <td class="category">
-               <?php if($t_def['require_update']) {?><span 
class="required">*</span><?php } ?><?php echo lang_get_defaulted( 
$t_def['name'] ) ?>
+               <?php if ( $t_def['require_update'] ) {?><span 
class="required">*</span><?php } ?><?php echo string_display( 
lang_get_defaulted( $t_def['name'] ) ) ?>
        </td>
        <td colspan="5">
                <?php
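
Review bot: the `+` line also reformats `if($t_def['require_update'])` to `if ( $t_def['require_update'] )`, a whitespace change unrelated to the fix that the otherwise identical hunk in bug_update_advanced_page.php does not make. Keep the security change minimal and leave the spacing cleanup for a separate commit, or apply it to both files, so the port stays easy to compare against the original fix.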

Index: print_all_bug_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/print_all_bug_page.php,v
retrieving revision 1.87
retrieving revision 1.88
diff -u -d -r1.87 -r1.88
--- print_all_bug_page.php      15 Aug 2006 07:11:23 -0000      1.87
+++ print_all_bug_page.php      6 Mar 2007 07:05:18 -0000       1.88
@@ -79,7 +79,7 @@
 
 <table class="width100"><tr><td class="form-title">
        <div class="center">
-               <?php echo config_get( 'window_title' ) . ' - ' . 
string_display( project_get_name( $t_project_id ) ); ?>
+               <?php echo string_display( config_get( 'window_title' ) ) . ' - 
' . string_display( project_get_name( $t_project_id ) ); ?>
        </div>
 </td></tr></table>
 

Index: manage_user_page.php
===================================================================
RCS file: /cvsroot/mantisbt/mantisbt/manage_user_page.php,v
retrieving revision 1.62
retrieving revision 1.63
diff -u -d -r1.62 -r1.63
--- manage_user_page.php        20 Feb 2007 05:43:25 -0000      1.62
+++ manage_user_page.php        6 Mar 2007 07:05:18 -0000       1.63
@@ -103,7 +103,7 @@
                echo ' : ';
        }
 
-       echo '<a href="manage_user_edit_page.php?user_id=', $row['id'], '">', 
$row['username'], '</a>';
+       echo '<a href="manage_user_edit_page.php?user_id=', $row['id'], '">', 
string_display( $row['username'] ), '</a>';
 }
 ?>
        </td>
@@ -139,7 +139,7 @@
                        echo ' : ';
                }
 
-               echo '<a href="manage_user_edit_page.php?user_id=', $row['id'], 
'">', $row['username'], '</a>';
+               echo '<a href="manage_user_edit_page.php?user_id=', $row['id'], 
'">', string_display( $row['username'] ), '</a>';
        }
 ?>
        </td>
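
Review bot: the changed echo statement is identical to the one in the previous hunk, so the same escaping had to be added in two places. A small helper that prints the user edit link from `$row` would keep the `string_display()` call in one spot and make it harder for a later edit to fix one copy and miss the other.
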
@@ -263,9 +263,9 @@
 ?>
 <tr <?php echo helper_alternate_class( $i ) ?>>
        <td>
-               <a href="manage_user_edit_page.php?user_id=<?php echo $u_id 
?>"><?php echo $u_username ?></a>
+               <a href="manage_user_edit_page.php?user_id=<?php echo $u_id 
?>"><?php echo string_display( $u_username ) ?></a>
        </td>
-       <td><?php echo $u_realname ?></td>
+       <td><?php echo string_display( $u_realname ) ?></td>
        <td><?php print_email_link( $u_email, $u_email ) ?></td>
        <td><?php echo get_enum_element( 'access_levels', $u_access_level ) 
?></td>
        <td><?php echo trans_bool( $u_enabled ) ?></td>
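
Review bot: on the first changed line, `$u_id` is still echoed into the `href` attribute as-is while the username beside it now goes through `string_display()`. If the id is guaranteed to be an integer, a cast such as `(int) $u_id` makes that explicit at the output site; the same applies to `$row['id']` in the two hunks above. It is also worth confirming that `print_email_link( $u_email, $u_email )` in the context lines escapes both of its arguments, since the e-mail address is user-supplied like the real name.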

