- use intval() instead of sanitizeString() where an integer is expected anyway

2025-02-11 09:35:00 +00:00 · 2011-06-15 06:08:47 +00:00 · 2011-06-15 06:08:47 +00:00 · c7c5c1f431
commit c7c5c1f431
parent b51b5b0fd4
10 changed files with 27 additions and 27 deletions
--- a/op/op.AddDocument.php
+++ b/op/op.AddDocument.php
@ -58,7 +58,7 @@ if (!is_numeric($sequence)) {
 	UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("invalid_sequence"));
 }

-$expires = ($_POST["expires"] == "true") ? mktime(0,0,0, sanitizeString($_POST["expmonth"]), sanitizeString($_POST["expday"]), sanitizeString($_POST["expyear"])) : false;
+$expires = ($_POST["expires"] == "true") ? mktime(0,0,0, intval($_POST["expmonth"]), intval($_POST["expday"]), intval($_POST["expyear"])) : false;

 // Get the list of reviewers and approvers for this document.
 $reviewers = array();
--- a/op/op.AddEvent.php
+++ b/op/op.AddEvent.php
@ -46,7 +46,7 @@ if (!isset($_POST["name"]) || !isset($_POST["comment"]) ) {

 $name     = sanitizeString($_POST["name"]);
 $comment  = sanitizeString($_POST["comment"]);
-$from = mktime(0,0,0, sanitizeString($_POST["frommonth"]), sanitizeString($_POST["fromday"]), sanitizeString($_POST["fromyear"]));
+$from = mktime(0,0,0, intval($_POST["frommonth"]), intval($_POST["fromday"]), intval($_POST["fromyear"]));
 $to = mktime(23,59,59, sanitizeString($_POST["tomonth"]), sanitizeString($_POST["today"]), sanitizeString($_POST["toyear"]));

 if ($to<$from){
--- a/op/op.AddMultiDocument.php
+++ b/op/op.AddMultiDocument.php
@ -80,7 +80,7 @@ if( move_uploaded_file( $source_file_path, $target_file_path ) ) {
 			$sequence = 1;
 		}

-		$expires = ($_POST["expires"] == "true") ? mktime(0,0,0, sanitizeString($_POST["expmonth"]), sanitizeString($_POST["expday"]), sanitizeString($_POST["expyear"])) : false;
+		$expires = ($_POST["expires"] == "true") ? mktime(0,0,0, intval($_POST["expmonth"]), intval($_POST["expday"]), intval($_POST["expyear"])) : false;

 		// Get the list of reviewers and approvers for this document.
 		$reviewers = array();
--- a/op/op.EditEvent.php
+++ b/op/op.EditEvent.php
@ -50,11 +50,11 @@ if (!isset($_POST["eventid"])) {

 $name     = sanitizeString($_POST["name"]);
 $comment  = sanitizeString($_POST["comment"]);
-$from = mktime(0,0,0, sanitizeString($_POST["frommonth"]), sanitizeString($_POST["fromday"]), sanitizeString($_POST["fromyear"]));
-$to = mktime(23,59,59, sanitizeString($_POST["tomonth"]), sanitizeString($_POST["today"]), sanitizeString($_POST["toyear"]));
+$from = mktime(0,0,0, intval($_POST["frommonth"]), intval($_POST["fromday"]), intval($_POST["fromyear"]));
+$to = mktime(23,59,59, intval($_POST["tomonth"]), intval($_POST["today"]), intval($_POST["toyear"]));

 if ($to<$from){
-	$to= mktime(23,59,59, sanitizeString($_POST["frommonth"]), sanitizeString($_POST["fromday"]), sanitizeString($_POST["fromyear"]));
+	$to= mktime(23,59,59, intval($_POST["frommonth"]), intval($_POST["fromday"]), intval($_POST["fromyear"]));
 }

 $res = editEvent($_POST["eventid"], $from, $to, $name, $comment );
--- a/op/op.SetExpires.php
+++ b/op/op.SetExpires.php
@ -41,7 +41,7 @@ if ($document->getAccessMode($user) < M_READWRITE) {
 	UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
 }

-$expires = ($_POST["expires"] == "true") ? mktime(0,0,0, sanitizeString($_POST["expmonth"]), sanitizeString($_POST["expday"]), sanitizeString($_POST["expyear"])) : false;
+$expires = ($_POST["expires"] == "true") ? mktime(0,0,0, intval($_POST["expmonth"]), intval($_POST["expday"]), intval($_POST["expyear"])) : false;
 if (!$document->setExpires($expires)){
 	UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("error_occured"));
 }
--- a/op/op.UserDefaultKeywords.php
+++ b/op/op.UserDefaultKeywords.php
@ -56,10 +56,10 @@ if ($action == "addcategory") {
 else if ($action == "removecategory") {

 	if (isset($_POST["categoryid"])) {
-		$categoryid = sanitizeString($_POST["categoryid"]);
+		$categoryid = intval($_POST["categoryid"]);
 	}
 	else {
-		$categoryid = sanitizeString($_GET["categoryid"]);
+		$categoryid = intval($_GET["categoryid"]);
 	}
 	$category = $dms->getKeywordCategory($categoryid);
 	if (is_object($category)) {
@ -79,10 +79,10 @@ else if ($action == "removecategory") {
 else if ($action == "editcategory") {

 	if (isset($_POST["categoryid"])) {
-		$categoryid = sanitizeString($_POST["categoryid"]);
+		$categoryid = intval($_POST["categoryid"]);
 	}
 	else {
-		$categoryid = sanitizeString($_GET["categoryid"]);
+		$categoryid = intval($_GET["categoryid"]);
 	}
 	$category = $dms->getKeywordCategory($categoryid);
 	if (is_object($category)) {
@ -108,10 +108,10 @@ else if ($action == "editcategory") {
 else if ($action == "newkeywords") {

 	if (isset($_POST["categoryid"])) {
-		$categoryid = sanitizeString($_POST["categoryid"]);
+		$categoryid = intval($_POST["categoryid"]);
 	}
 	else {
-		$categoryid = sanitizeString($_GET["categoryid"]);
+		$categoryid = intval($_GET["categoryid"]);
 	}
 	$category = $dms->getKeywordCategory($categoryid);
 	if (is_object($category)) {
@ -137,10 +137,10 @@ else if ($action == "newkeywords") {
 else if ($action == "editkeywords") {

 	if (isset($_POST["categoryid"])) {
-		$categoryid = sanitizeString($_POST["categoryid"]);
+		$categoryid = intval($_POST["categoryid"]);
 	}
 	else {
-		$categoryid = sanitizeString($_GET["categoryid"]);
+		$categoryid = intval($_GET["categoryid"]);
 	}
 	$category = $dms->getKeywordCategory($categoryid);
 	if (is_object($category)) {
@ -150,10 +150,10 @@ else if ($action == "editkeywords") {
 		}

 		if (isset($_POST["keywordsid"])) {
-			$keywordsid = sanitizeString($_POST["keywordsid"]);
+			$keywordsid = intval($_POST["keywordsid"]);
 		}
 		else {
-			$keywordsid = sanitizeString($_GET["keywordsid"]);
+			$keywordsid = intval($_GET["keywordsid"]);
 		}
 		if (!is_numeric($keywordsid)) {
 			UI::exitError(getMLText("personal_default_keywords"),getMLText("unknown_keyword_category"));
@ -170,10 +170,10 @@ else if ($action == "editkeywords") {
 else if ($action == "removekeywords") {

 	if (isset($_POST["categoryid"])) {
-		$categoryid = sanitizeString($_POST["categoryid"]);
+		$categoryid = intval($_POST["categoryid"]);
 	}
 	else {
-		$categoryid = sanitizeString($_GET["categoryid"]);
+		$categoryid = intval($_GET["categoryid"]);
 	}
 	$category = $dms->getKeywordCategory($categoryid);
 	if (is_object($category)) {
@ -182,10 +182,10 @@ else if ($action == "removekeywords") {
 			UI::exitError(getMLText("personal_default_keywords"),getMLText("access_denied"));
 		}
 		if (isset($_POST["keywordsid"])) {
-			$keywordsid = sanitizeString($_POST["keywordsid"]);
+			$keywordsid = intval($_POST["keywordsid"]);
 		}
 		else {
-			$keywordsid = sanitizeString($_GET["keywordsid"]);
+			$keywordsid = intval($_GET["keywordsid"]);
 		}
 		if (!is_numeric($keywordsid)) {
 			UI::exitError(getMLText("personal_default_keywords"),getMLText("unknown_keyword_category"));
--- a/out/out.DocumentChooser.php
+++ b/out/out.DocumentChooser.php
@ -24,7 +24,7 @@ include("../inc/inc.DBInit.php");
 include("../inc/inc.Language.php");
 include("../inc/inc.Authentication.php");

-$folderid = sanitizeString($_GET["folderid"]);
+$folderid = intval($_GET["folderid"]);
 $form = sanitizeString($_GET["form"]);

 function getImgPath($img) {
--- a/out/out.FolderChooser.php
+++ b/out/out.FolderChooser.php
@ -24,8 +24,8 @@ include("../inc/inc.Language.php");
 include("../inc/inc.Authentication.php");

 $form = sanitizeString($_GET["form"]);
-$mode = sanitizeString($_GET["mode"]);
-$exclude = sanitizeString($_GET["exclude"]);
+$mode = intval($_GET["mode"]);
+$exclude = intval($_GET["exclude"]);

 UI::htmlStartPage(getMLText("choose_target_folder"));
 UI::globalBanner();
--- a/out/out.Settings.php
+++ b/out/out.Settings.php
@ -70,11 +70,11 @@ function ShowHide(strId)
      <tr ><td><b> <?php printMLText("settings_Display");?></b></td> </tr>
      <tr title="<?php printMLText("settings_siteName_desc");?>">
        <td><?php printMLText("settings_siteName");?>:</td>
-        <td><input name="siteName" value="<?php echo sanitizeString($settings->_siteName) ?>"/></td>
+        <td><input name="siteName" value="<?php echo $settings->_siteName ?>"/></td>
      </tr>
      <tr title="<?php printMLText("settings_footNote_desc");?>">
        <td><?php printMLText("settings_footNote");?>:</td>
-        <td><input name="footNote" value="<?php echo sanitizeString($settings->_footNote) ?>" size="100"/></td>
+        <td><input name="footNote" value="<?php echo $settings->_footNote ?>" size="100"/></td>
      </tr>
      <tr title="<?php printMLText("settings_printDisclaimer_desc");?>">
        <td><?php printMLText("settings_printDisclaimer");?>:</td>
--- a/out/out.UserImage.php
+++ b/out/out.UserImage.php
@ -24,7 +24,7 @@ include("../inc/inc.Authentication.php");
 /* Get the user as passed to the script. This allows to show
 * pictures of other users as well
 */
-$userid = sanitizeString($_GET["userid"]);
+$userid = intval($_GET["userid"]);
 $myUser = $dms->getUser($userid);

 if (!$myUser->hasImage())