The following patch should fix the problem.
diff -rau acidbase-1.2.1.old/base_graph_display.php acidbase-1.2.1/base_graph_display.php
--- acidbase-1.2.1.old/base_graph_display.php 2005-11-12 13:37:42.000000000 +0100
+++ acidbase-1.2.1/base_graph_display.php 2005-11-12 14:54:45.000000000 +0100
@@ -32,6 +32,7 @@
*/
include ("base_conf.php");
+ include ("$BASE_path/includes/base_constants.inc.php");
include ("$BASE_path/includes/base_state_common.inc.php");
include ("$BASE_path/base_graph_common.php");
require_once('Image/Graph.php');
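Review bot: The added `include` of `base_constants.inc.php` fails open: if the file cannot be loaded, PHP only emits a warning and the script continues with `VAR_SCORE` and the other mask constants undefined, so the sanitizer masks built from them later are no longer the intended ones. Prefer `require_once("$BASE_path/includes/base_constants.inc.php");`, which stops the script on failure. It also avoids constant-redefinition notices if another included file already loads the constants, which this hunk does not show. The neighbouring `include` lines behave the same way but are not part of this change.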
diff -rau acidbase-1.2.1.old/includes/base_constants.inc.php acidbase-1.2.1/includes/base_constants.inc.php
--- acidbase-1.2.1.old/includes/base_constants.inc.php 2005-11-12 13:37:42.000000000 +0100
+++ acidbase-1.2.1/includes/base_constants.inc.php 2005-11-12 13:38:55.000000000 +0100
@@ -65,4 +65,5 @@
define("VAR_CPAREN", 2048); /* ) */
define("VAR_USCORE", 4096);
define("VAR_AT", 8192);
+define("VAR_SCORE", 16384);
?>
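Review bot: The new `VAR_SCORE` define has no comment naming the character it stands for, and the name differs from `VAR_USCORE` just above it by a single letter. The other hunks show that it enables the hyphen, so follow the `/* ) */` style used on `VAR_CPAREN` and write `define("VAR_SCORE", 16384); /* - (hyphen / minus) */`. That makes it harder to pick the wrong mask when choosing what a request parameter may contain.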
diff -rau acidbase-1.2.1.old/includes/base_state_citems.inc.php acidbase-1.2.1/includes/base_state_citems.inc.php
--- acidbase-1.2.1.old/includes/base_state_citems.inc.php 2005-11-12 13:37:42.000000000 +0100
+++ acidbase-1.2.1/includes/base_state_citems.inc.php 2005-11-12 13:40:57.000000000 +0100
@@ -367,7 +367,7 @@
function SanitizeElement()
{
$this->criteria[0] = CleanVariable(@$this->criteria[0], "", array(" ", "=", "LIKE"));
- $this->criteria[1] = CleanVariable(@$this->criteria[1], VAR_ALPHA | VAR_SPACE);
+ $this->criteria[1] = CleanVariable(@$this->criteria[1], VAR_ALPHA | VAR_SPACE | VAR_SCORE);
$this->criteria[2] = CleanVariable(@$this->criteria[2], "", array("=", "!="));
}
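Review bot: Adding `VAR_SCORE` to the mask for `criteria[1]` in `SanitizeElement()` admits hyphens in any position and any number, including the `--` sequence that SQL treats as the start of a comment. Whether that matters depends on how `criteria[1]` is placed into the query, which this hunk does not show. If it is concatenated into SQL, it should be quoted and escaped where the statement is built rather than relying on the character whitelist alone. A comment on the changed line would record the assumption, e.g. `/* VAR_SCORE: '-' allowed in the value; it must still be quoted/escaped where the SQL is built */`.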
diff -rau acidbase-1.2.1.old/includes/base_state_common.inc.php acidbase-1.2.1/includes/base_state_common.inc.php
--- acidbase-1.2.1.old/includes/base_state_common.inc.php 2005-11-12 13:37:42.000000000 +0100
+++ acidbase-1.2.1/includes/base_state_common.inc.php 2005-11-12 14:28:21.000000000 +0100
@@ -164,6 +164,9 @@
if ( ($valid_data & VAR_AT) > 0 )
$regex_mask = $regex_mask . "\@";
+ if ( ($valid_data & VAR_SCORE) > 0 )
+ $regex_mask = $regex_mask . "\-";
+
return ereg_replace("[^".$regex_mask."]", "", $item);
}
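Review bot: The appended `"\-"` very likely whitelists the backslash as well as the hyphen. `ereg_replace` uses POSIX bracket expressions, where a backslash is, as far as I know, an ordinary character and not an escape, so a filter meant to add one character adds two; the existing `"\@"` line would have the same effect. The hyphen is also literal only because it is currently the last character before `]`, so a mask appended after it later would turn it into a range. Suggest `$regex_mask = $regex_mask . "-"; /* literal '-': must remain the last character in the bracket list */`. The enclosing function starts outside this hunk, so the earlier mask fragments should be checked for the same pattern.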
diff -rau acidbase-1.2.1.old/includes/base_state_query.inc.php acidbase-1.2.1/includes/base_state_query.inc.php
--- acidbase-1.2.1.old/includes/base_state_query.inc.php 2005-11-12 13:37:42.000000000 +0100
+++ acidbase-1.2.1/includes/base_state_query.inc.php 2005-11-12 13:42:10.000000000 +0100
@@ -330,7 +330,7 @@
function ReadState()
{
$this->current_canned_query = ImportHTTPVar("caller", VAR_LETTER | VAR_USCORE);
- $this->num_result_rows = ImportHTTPVar("num_result_rows", VAR_DIGIT);
+ $this->num_result_rows = ImportHTTPVar("num_result_rows", VAR_DIGIT | VAR_SCORE);
$this->current_sort_order = ImportHTTPVar("sort_order", VAR_LETTER | VAR_USCORE);
$this->current_view = ImportHTTPVar("current_view", VAR_DIGIT);
$this->action_arg = ImportHTTPVar("action_arg", VAR_ALPHA | VAR_PERIOD | VAR_USCORE | VAR_AT);
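Review bot: `VAR_DIGIT | VAR_SCORE` on `num_result_rows` filters characters but does not check the shape of the value, so strings such as `1-2`, `5-` or `--` pass through `ImportHTTPVar` unchanged. If the intent is to allow a negative count (not stated in the hunk), the value should be checked as a whole after import, e.g. with `ereg("^-?[0-9]+$", $this->num_result_rows)`, falling back to the existing default when it does not match. That keeps a malformed value out of any later arithmetic or query use. `ReadState()` continues past the end of this hunk, so how the value is consumed is not visible here.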

