From 7c0a44b743db440fee8a63a71f1742fd8c92df03 Mon Sep 17 00:00:00 2001
From: "lpsolit%gmail.com" <>
Date: Mon, 14 Nov 2005 02:16:24 +0000
Subject: =?UTF-8?q?Bug=20314547:=20[PostgreSQL]=20cannot=20check/uncheck?=
 =?UTF-8?q?=20the=20"Private"=20checkbox=20for=20comments=20in=20show=5Fbu?=
 =?UTF-8?q?g.cgi=20-=20Patch=20by=20Fr=C3=A9d=C3=A9ric=20Buclin=20<LpSolit?=
 =?UTF-8?q?@gmail.com>=20r=3Dmkanat=20a=3Djustdave?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 process_bug.cgi | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'process_bug.cgi')

diff --git a/process_bug.cgi b/process_bug.cgi
index fdf5a405b..af0283d6c 100755
--- a/process_bug.cgi
+++ b/process_bug.cgi
@@ -936,16 +936,18 @@ if (defined $cgi->param('id')) {
 if (defined $cgi->param('id') &&
     (Param("insidergroup") && UserInGroup(Param("insidergroup")))) {
 
+    my $sth = $dbh->prepare('UPDATE longdescs SET isprivate = ?
+                             WHERE bug_id = ? AND bug_when = ?');
+
     foreach my $field ($cgi->param()) {
         if ($field =~ /when-([0-9]+)/) {
             my $sequence = $1;
             my $private = $cgi->param("isprivate-$sequence") ? 1 : 0 ;
             if ($private != $cgi->param("oisprivate-$sequence")) {
                 my $field_data = $cgi->param("$field");
-                detaint_natural($field_data);
-                SendSQL("UPDATE longdescs SET isprivate = $private " .
-                        "WHERE bug_id = " . $cgi->param('id') . 
-                        " AND bug_when = $field_data");
+                # Make sure a valid date is given.
+                $field_data = format_time($field_data, '%Y-%m-%d %T');
+                $sth->execute($private, $cgi->param('id'), $field_data);
             }
         }
 
-- 
cgit v1.2.1