From e7db4f1cac712dec0d1af0b36033e8fc8e395ab0 Mon Sep 17 00:00:00 2001
From: Jonathan Ernst <Jonathan@ernstfamily.ch>
Date: Wed, 9 Feb 2005 02:17:31 +0000
Subject: [PATCH] Fix unqueueing new versions

---
 admin/adminAppQueue.php | 14 +++++++-------
 include/version.php     |  5 +++--
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/admin/adminAppQueue.php b/admin/adminAppQueue.php
index c19c999..f7d647b 100644
--- a/admin/adminAppQueue.php
+++ b/admin/adminAppQueue.php
@@ -86,9 +86,9 @@ if ($_REQUEST['sub'])
 
             echo '<tr valign=top><td class=color3 align=center colspan=2>' ,"\n";
             echo '<input type="hidden" name="versionId" value="'.$oVersion->iVersionId.'" />';
-            echo '<input type="submit" value=" Submit App Into Database " class=button>&nbsp',"\n";
-            echo '<input name="sub" type=submit value="Delete" class=button> </td></tr>',"\n";
-            echo '</table>',"\n";
+            echo '<input type="submit" value=" Submit Version Into Database " class="button">&nbsp',"\n";
+            echo '<input name="sub" type=submit value="Delete" class="button"></td></tr>',"\n";
+            echo '</table></form>',"\n";
         } else // application
         { 
     
@@ -188,7 +188,7 @@ if ($_REQUEST['sub'])
             echo '<input type="hidden" name="appId" value="'.$oApp->iAppId.'" />';
             echo '<input type=submit value=" Submit App Into Database " class=button>&nbsp',"\n";
             echo '<input name="sub" type="submit" value="Delete" class="button" /></td></tr>',"\n";
-            echo '</table>',"\n";
+            echo '</table></form>',"\n";
         }
 
         echo html_frame_end("&nbsp;");
@@ -196,7 +196,7 @@ if ($_REQUEST['sub'])
     }
     else if ($_REQUEST['sub'] == 'add')
     {
-        if (is_numeric($_REQUEST['appId'])) // application
+        if (is_numeric($_REQUEST['appId']) && !is_numeric($_REQUEST['versionId'])) // application
         {
             // add new vendor
             if($sVendor)
@@ -208,10 +208,10 @@ if ($_REQUEST['sub'])
             $oApp = new Application($_REQUEST['appId']);
             $oApp->update($_REQUEST['appName'], $_REQUEST['appDescription'], $_REQUEST['keywords'], $_REQUEST['webPage'], $_REQUEST['vendorId'], $_REQUEST['catId']);
             $oApp->unQueue();
-        } else if(is_numeric($_REQUEST['versionId']))  // version
+        } else if(is_numeric($_REQUEST['versionId']) && is_numeric($_REQUEST['appId']))  // version
         {
             $oVersion = new Version($_REQUEST['versionId']);
-            $oVersion->update($_REQUEST['versionName'], $_REQUEST['versionDescription']);
+            $oVersion->update($_REQUEST['versionName'], $_REQUEST['versionDescription'],null,null,$_REQUEST['appId']);
             $oVersion->unQueue();
         }
         
diff --git a/include/version.php b/include/version.php
index 039d0bf..5a2a2cf 100644
--- a/include/version.php
+++ b/include/version.php
@@ -125,20 +125,21 @@ class Version {
     /**
      * Update version.
      * FIXME: Informs interested people about the modification.
+     * FIXME: Use compile_update_string instead of addslashes.
      * Returns true on success and false on failure.
      */
     function update($sName=null, $sDescription=null, $sTestedRelease=null, $sTestedRating=null, $iAppId=null)
     {
         if ($sName)
         {
-            if (!query_appdb("UPDATE appVersion SET versionName = '".$sName."' WHERE versionId = ".$this->iVersionId))
+            if (!query_appdb("UPDATE appVersion SET versionName = '".addslashes($sName)."' WHERE versionId = ".$this->iVersionId))
                 return false;
             $this->sName = $sName;
         }     
 
         if ($sDescription)
         {
-            if (!query_appdb("UPDATE appVersion SET description = '".$sDescription."' WHERE versionId = ".$this->iVersionId))
+            if (!query_appdb("UPDATE appVersion SET description = '".addslashes($sDescription)."' WHERE versionId = ".$this->iVersionId))
                 return false;
             $this->sDescription = $sDescription;
         }