bug 1226: Treat the date values as integer
authorMichael Tänzer <neo@nhng.de>
Sat, 21 Jun 2014 21:56:28 +0000 (23:56 +0200)
committerMichael Tänzer <neo@nhng.de>
Sat, 21 Jun 2014 21:56:28 +0000 (23:56 +0200)
Signed-off-by: Michael Tänzer <neo@nhng.de>
pages/wot/5.php
pages/wot/6.php
www/wot.php

index a9c3dcb..7fdd1c5 100644 (file)
   }
 
   if (!isset($_SESSION['assuresomeone']['year'])) {
-      $_SESSION['assuresomeone']['year'] = '';
+      $_SESSION['assuresomeone']['year'] = 0;
   }
   if (!isset($_SESSION['assuresomeone']['month'])) {
-      $_SESSION['assuresomeone']['month'] = '';
+      $_SESSION['assuresomeone']['month'] = 0;
   }
   if (!isset($_SESSION['assuresomeone']['day'])) {
-      $_SESSION['assuresomeone']['day'] = '';
+      $_SESSION['assuresomeone']['day'] = 0;
   }
 ?>
 <? if(array_key_exists('noemailfound',$_SESSION['_config']) && $_SESSION['_config']['noemailfound'] == 1) { ?>
         <?=_("Date of Birth")?><br/>
         (<?=_("yyyy/mm/dd")?>)</td>
     <td class="DataTD">
-        <input type="text" name="year" value="<?=array_key_exists('year',$_SESSION['assuresomeone']) ? sanitizeHTML($_SESSION['assuresomeone']['year']):""?>" size="4" autocomplete="off"></nobr>
+        <input type="text" name="year" value="<?=array_key_exists('year',$_SESSION['assuresomeone']) && intval($_SESSION['assuresomeone']['year']) !== 0 ? intval($_SESSION['assuresomeone']['year']):''?>" size="4" autocomplete="off"></nobr>
         <select name="month">
 <?
 for($i = 1; $i <= 12; $i++)
 {
     echo "<option value='$i'";
-    if(array_key_exists('month',$_SESSION['assuresomeone']) && $_SESSION['assuresomeone']['month'] == $i)
+    if(array_key_exists('month',$_SESSION['assuresomeone']) && intval($_SESSION['assuresomeone']['month']) === $i)
         echo " selected=\"selected\"";
     echo ">".ucwords(strftime("%B", mktime(0,0,0,$i,1,date("Y"))))." ($i)</option>\n";
 }
@@ -92,7 +92,7 @@ for($i = 1; $i <= 12; $i++)
 for($i = 1; $i <= 31; $i++)
 {
     echo "<option";
-    if(array_key_exists('day',$_SESSION['assuresomeone']) && $_SESSION['assuresomeone']['day'] == $i)
+    if(array_key_exists('day',$_SESSION['assuresomeone']) && intval($_SESSION['assuresomeone']['day']) === $i)
         echo " selected=\"selected\"";
     echo ">$i</option>";
 }
index 6934d0f..200a526 100644 (file)
@@ -24,9 +24,9 @@
        }
 
        $row = $_SESSION['_config']['notarise'];
-       $_SESSION['assuresomeone']['year'] = '';
-       $_SESSION['assuresomeone']['month'] = '';
-       $_SESSION['assuresomeone']['day'] = '';
+       $_SESSION['assuresomeone']['year'] = 0;
+       $_SESSION['assuresomeone']['month'] = 0;
+       $_SESSION['assuresomeone']['day'] = 0;
 
        if($_SESSION['profile']['ttpadmin'] == 1)
 //             $methods = array("Face to Face Meeting", "Trusted 3rd Parties", "TopUP");
index e1d1572..40a60a6 100644 (file)
@@ -199,9 +199,9 @@ function send_reminder()
                                exit;
                        }
                        if ($_SESSION['profile']['ttpadmin'] != 1) {
-                               $_SESSION['assuresomeone']['year'] = mysql_real_escape_string(stripslashes($_POST['year']));
-                               $_SESSION['assuresomeone']['month'] = mysql_real_escape_string(stripslashes($_POST['month']));
-                               $_SESSION['assuresomeone']['day'] = mysql_real_escape_string(stripslashes($_POST['day']));
+                               $_SESSION['assuresomeone']['year'] = intval($_POST['year']);
+                               $_SESSION['assuresomeone']['month'] = intval($_POST['month']);
+                               $_SESSION['assuresomeone']['day'] = intval($_POST['day']);
                                $dob = $_SESSION['assuresomeone']['year'] . '-' . sprintf('%02d',$_SESSION['assuresomeone']['month']) . '-' . sprintf('%02d', $_SESSION['assuresomeone']['day']);
 
                                if (    $_SESSION['_config']['notarise']['dob'] != $dob) {