Add db_clean_*() functions to abstract the variable cleaning process …

…so it's obvious that's what is happening and easy to change globally later. Will start using these during the addslashes() cleanup or during the major security overhaul, whatever proves easier. git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@1264 f5dc347c-c33d-0410-90a0-b07cc1902cb9
mantisbt · Aug 20, 2002 · 462c2a1 · 462c2a1
1 parent 65aa7bd
commit 462c2a1
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 4 deletions.
diff --git a/core_database_API.php b/core_database_API.php
@@ -6,11 +6,11 @@
 	# See the files README and LICENSE for details
 
 	# --------------------------------------------------------
-	# $Revision: 1.16 $
-	# $Author: jlatour $
-	# $Date: 2002-08-15 22:21:11 $
+	# $Revision: 1.17 $
+	# $Author: jfitzell $
+	# $Date: 2002-08-20 19:55:26 $
 	#
-	# $Id: core_database_API.php,v 1.16 2002-08-15 22:21:11 jlatour Exp $
+	# $Id: core_database_API.php,v 1.17 2002-08-20 19:55:26 jfitzell Exp $
 	# --------------------------------------------------------
 
 	###########################################################################
@@ -152,6 +152,23 @@ function db_close() {
 		$t_result = mysql_close();
 	}
 	# --------------------
+	# clean a string before putting it in the DB
+	function db_clean_string( $p_string ) {
+		$c_string = addslashes( $p_string );
+
+		return $c_string;
+	}
+	# --------------------
+	# clean an integer before putting it in the DB
+	function db_clean_int( $p_int ) {
+		return (integer)$p_int;
+	}
+	# --------------------
+	# clean a boolean before putting it in the DB
+	function db_clean_bool( $p_bool ) {
+		return (bool)$p_bool;
+	}
+	# --------------------
 
 	if ( !isset( $f_skip_open_db ) ) {
 		if ( OFF == $g_use_persistent_connections ) {

diff --git a/doc/ChangeLog b/doc/ChangeLog
@@ -24,6 +24,7 @@ Mantis ChangeLog
  * Added Chinese Simplified translation.
  * Added configuration flags ($g_show_queries_count and $g_show_queries_list) that track the executed queries and display their total count, unique queries count, and the actual list of queries executed.
  * Added custom attributes for the 7 ones in config_inc.php : priority, severity, status (with colors), etc... Define it in manage_proj_menu_page.php ; implementation has been thought in a 'per project Settings' conception, but only available for all projects right now.
+ * Added db_clean_string(), db_clean_int(), and db_clean_bool() to be called on data before it goes into the database
  * Added delete_user() function to core_user_API.php and replaced this functionality in other files with a call to this function.
  * Added links from the counters of bugs reported and assigned to logged in user to their corresponding filtered view.
  * Added more visual graph pages in summary_page.php. Caution, old versions of JPGraph may cause problems, use v1.6.3 or above if you can.