Nur in www/: config_inc.php.
diff -ru mantis.build/core/cfdefs/cfdef_standard.php www/core/cfdefs/cfdef_standard.php
--- mantis.build/core/cfdefs/cfdef_standard.php 2009-12-27 10:06:06.000000000 +0100
+++ www/core/cfdefs/cfdef_standard.php 2009-12-28 00:41:03.000000000 +0100
@@ -247,7 +247,7 @@
$t_selected_values = explode( '|', $t_custom_field_value );
foreach( $t_values as $t_option ) {
- if( in_array( $t_option, $t_selected_values, true ) ) {
+ if( in_array( htmlentities($t_option), $t_selected_values, true ) ) {
echo '';
} else {
echo '';
@@ -261,7 +261,7 @@
$t_checked_values = explode( '|', $t_custom_field_value );
foreach( $t_values as $t_option ) {
echo ' ' . $t_option . ' ';
} else {
echo ' value="' . $t_option . '"> ' . $t_option . ' ';
diff -ru mantis.build/core/filter_api.php www/core/filter_api.php
--- mantis.build/core/filter_api.php 2009-12-27 10:06:06.000000000 +0100
+++ www/core/filter_api.php 2009-12-28 00:44:18.000000000 +0100
@@ -1899,8 +1899,14 @@
switch( $t_def['type'] ) {
case CUSTOM_FIELD_TYPE_MULTILIST:
case CUSTOM_FIELD_TYPE_CHECKBOX:
+ $t_where_params[] = $t_filter_member . '|%';
+ array_push( $t_filter_array, db_helper_like( "$t_table_name.value" ) );
+ $t_where_params[] = '%|' . $t_filter_member;
+ array_push( $t_filter_array, db_helper_like( "$t_table_name.value" ) );
$t_where_params[] = '%|' . $t_filter_member . '|%';
array_push( $t_filter_array, db_helper_like( "$t_table_name.value" ) );
+ $t_where_params[] = $t_filter_member;
+ array_push( $t_filter_array, db_helper_like( "$t_table_name.value" ) );
break;
default:
array_push( $t_filter_array, "$t_table_name.value = '" . db_prepare_string( $t_filter_member ) . "'" );