From 68e56f262fac13f616df907be82d48086bd5e9be Mon Sep 17 00:00:00 2001 From: David Hicks Date: Sat, 25 Dec 2010 14:04:46 +1100 Subject: [PATCH] Fix #11909: history_localize_item sending wrong argument type to bug_revision_exists Within history_api, the history_localize_item function is calling the bug_revision_exists function of bug_revision_api with the wrong argument type. It should be sending an integer, not a string. As bug_revision_api doesn't use db_prepare_int when building queries this error will result in SQL query execution errors when an integer field in the database is compared to the supplied string (type mismatch). --- core/history_api.php | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/core/history_api.php b/core/history_api.php index a5913823ed..33814c1da1 100644 --- a/core/history_api.php +++ b/core/history_api.php @@ -403,11 +403,13 @@ function history_localize_item( $p_field_name, $p_type, $p_old_value, $p_new_val break; case BUGNOTE_UPDATED: $t_note = lang_get( 'bugnote_edited' ) . ': ' . $p_old_value; - if ( $p_linkify && bug_revision_exists( $p_new_value ) ) { - if ( bugnote_exists( $p_old_value ) ) { - $t_bug_revision_view_page_argument = 'bugnote_id=' . $p_old_value . '#r' . $p_new_value; + $t_old_value = (int)$p_old_value; + $t_new_value = (int)$p_new_value; + if ( $p_linkify && bug_revision_exists( $t_new_value ) ) { + if ( bugnote_exists( $t_old_value ) ) { + $t_bug_revision_view_page_argument = 'bugnote_id=' . $t_old_value . '#r' . $t_new_value; } else { - $t_bug_revision_view_page_argument = 'rev_id=' . $p_new_value; + $t_bug_revision_view_page_argument = 'rev_id=' . $t_new_value; } $t_change = '' . lang_get( 'view_revisions' ) . ''; 
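Review bot: The context line `$t_note = lang_get( 'bugnote_edited' ) . ': ' . $p_old_value;` still concatenates the uncast `$p_old_value`, while everything below it in the BUGNOTE_UPDATED case now uses `$t_old_value`. Moving the two casts above that line and building the note as `$t_note = lang_get( 'bugnote_edited' ) . ': ' . $t_old_value;` would keep the displayed id and the link target in agreement and ensure only an integer reaches the output. Whether `$t_note` is escaped before display is decided outside this hunk, so treat the output concern as unconfirmed. history_localize_item starts and ends outside the hunk.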
@@ -419,24 +421,27 @@ function history_localize_item( $p_field_name, $p_type, $p_old_value, $p_new_val break; case DESCRIPTION_UPDATED: $t_note = lang_get( 'description_updated' ); - if ( $p_linkify && bug_revision_exists( $p_old_value ) ) { - $t_change = '' . + $t_old_value = (int)$p_old_value; + if ( $p_linkify && bug_revision_exists( $t_old_value ) ) { + $t_change = '' . lang_get( 'view_revisions' ) . ''; $t_raw = false; } break; case ADDITIONAL_INFO_UPDATED: $t_note = lang_get( 'additional_information_updated' ); - if ( $p_linkify && bug_revision_exists( $p_old_value ) ) { - $t_change = '' . + $t_old_value = (int)$p_old_value; + if ( $p_linkify && bug_revision_exists( $t_old_value ) ) { + $t_change = '' . lang_get( 'view_revisions' ) . ''; $t_raw = false; } break; case STEP_TO_REPRODUCE_UPDATED: $t_note = lang_get( 'steps_to_reproduce_updated' ); - if ( $p_linkify && bug_revision_exists( $p_old_value ) ) { - $t_change = '' . + $t_old_value = (int)$p_old_value; + if ( $p_linkify && bug_revision_exists( $t_old_value ) ) { + $t_change = '' . lang_get( 'view_revisions' ) . ''; $t_raw = false; }
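Review bot: The `(int)` cast is now repeated at each call site, three times in this hunk (DESCRIPTION_UPDATED, ADDITIONAL_INFO_UPDATED, STEP_TO_REPRODUCE_UPDATED) and once in the BUGNOTE_UPDATED hunk, so bug_revision_exists() still depends on every caller remembering it. Coercing the argument once inside bug_revision_exists(), with a cast or the `db_prepare_int` helper the commit message names, would also cover callers outside this file; its body is not shown here, so confirm it does not already do so. A short comment at the first cast, such as `// bug_revision_exists() expects an integer id; history values arrive as strings`, would record why the cast is there. Note that `(int)` turns a non-numeric stored value into 0 without any signal, so a malformed history row would presumably just lose its link rather than be reported.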