Filter all user input to reduce the security impact of manipulated data

viewbugs.php

@@ -6,17 +6,20 @@
 include("path.php");
 require(BASE."include/incl.php");
 
-/* code to View versions affected by a Bug */
-$bug_id = $_REQUEST['bug_id'];
+$aClean = array(); //array of filtered user input
 
-if(!is_numeric($bug_id))
+$aClean['bug_id'] = makeSafe($_REQUEST['bug_id']);
+
+/* code to View versions affected by a Bug */
+
+if( !is_numeric($aClean['bug_id']))
 {
     errorpage("Something went wrong with the bug ID");
     exit;
 }
 {
-    apidb_header("Applications affected by Bug #".$bug_id);
-    echo '<form method=post action="viewbugs.php?bug_id='.$bug_id.'">',"\n";
+    apidb_header("Applications affected by Bug #".$aClean['bug_id']);
+    echo '<form method=post action="viewbugs.php?bug_id='.$aClean['bug_id'].'">',"\n";
 
     echo '<table width=100% border=0 cellpadding=3 cellspacing=1>',"\n";
     echo '<tr class=color4>',"\n";
@@ -32,7 +35,7 @@ if(!is_numeric($bug_id))
                FROM appFamily, appVersion, buglinks
                WHERE appFamily.appId = appVersion.appId 
                and buglinks.versionId = appVersion.versionId
-               AND buglinks.bug_id = ".$bug_id."
+               AND buglinks.bug_id = ".$aClean['bug_id']."
                ORDER BY versionName";
     $c = 0;
 
@@ -66,7 +69,7 @@ if(!is_numeric($bug_id))
 
     echo '<tr class=color3>',"\n";
     echo '    <td align=center>',"\n";
-    echo '    <input type="text" name="bug_id" value="'.$bug_id.'" size="8"></td>',"\n";
+    echo '    <input type="text" name="bug_id" value="'.$aClean['bug_id'].'" size="8"></td>',"\n";
     echo '    <td colspan=2><input type="submit" name="sub" value="Search"></td>',"\n";
     echo '</tr>',"\n";