? cvs-release-notes.php
Index: uc_aac.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/uc_aac/uc_aac.module,v
retrieving revision 1.15
diff -u -p -r1.15 uc_aac.module
--- uc_aac.module	30 Nov 2009 23:49:59 -0000	1.15
+++ uc_aac.module	15 Dec 2009 16:53:00 -0000
@@ -1,5 +1,5 @@
 <?php
-// $Id: uc_aac.module,v 1.15 2009/11/30 23:49:59 antoinesolutions Exp $
+// $Id: uc_aac.module,v 1.10.2.5 2009/11/30 23:45:30 antoinesolutions Exp $
 
 /**
  * @file
@@ -51,7 +51,15 @@ function uc_aac_form_alter(&$form, $form
     if (isset($form['#parameters'][2]->attributes)) {
       $nid = $form['nid']['#value'];
       $product =& $form['#parameters'][2];
-      $form['qty']['#default_value'] = $product->default_qty;
+
+      // Use qty from post or use default qty
+      if (isset($_POST['qty'])) {
+        $form['qty']['#default_value'] = check_plain($_POST['qty']);
+      }
+      else {
+        $form['qty']['#default_value'] = $product->default_qty;
+      }
+
       $context = array(
         'revision' => 'formatted',
         'type' => 'product',
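Review bot: check_plain() on the new `$_POST['qty']` branch is an HTML output-escaping helper and does not validate the quantity; a non-numeric or negative POST value becomes an escaped string that is stored in `#default_value` and, in `_uc_aac_calculate`, in `$item->qty`. The textfield value is escaped again when the form is rendered, so the call adds a double-encoding risk without constraining the input to the integer domain the field expects. Cast to the expected type instead, `$form['qty']['#default_value'] = (int) $_POST['qty'];`, and treat the other numeric identifiers the commit wraps in check_plain() the same way: `$selected_oid` in the next hunk, and `$nid`, the attribute ids, option ids and `$item->qty` in `_uc_aac_calculate`. uc_aac_form_alter starts above this hunk and continues past it.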
@@ -68,7 +76,7 @@ function uc_aac_form_alter(&$form, $form
         $options = array();
 
         if (isset($_POST['attributes'][$aid])) {
-          $selected_oid = $_POST['attributes'][$aid];
+          $selected_oid = check_plain($_POST['attributes'][$aid]);
         }
         else {
           $selected_oid = $product->attributes[$aid]->default_option;
@@ -142,7 +150,7 @@ function uc_aac_form_alter(&$form, $form
  * Calculate product adjustments based on attribute option selections.
  */
 function _uc_aac_calculate() {
-  $nid = array_pop(explode('_', $_POST['form_id']));
+  $nid = array_pop(explode('_', check_plain($_POST['form_id'])));
   $output['nid'] = $nid;
 
   // Load the node and store the submitted data for later.
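Review bot: The rewritten `$nid` line still reads `$_POST['form_id']` without an isset() check, so a request lacking the key raises a notice and `$nid` ends up as an empty string that the comment below says is used to load the node; `array_pop()` on the temporary returned by explode() also triggers an E_STRICT "only variables should be passed by reference" notice. Since the line is being touched anyway, split it and constrain the result: `$form_id = isset($_POST['form_id']) ? $_POST['form_id'] : ''; $parts = explode('_', $form_id); $nid = (int) array_pop($parts);`. _uc_aac_calculate continues past the end of this hunk.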
@@ -152,21 +160,23 @@ function _uc_aac_calculate() {
   // form regenerates correctly.
   if (isset($_POST['attributes'])) {
     foreach ($_POST['attributes'] as $aid => $oid) {
-      $product->attributes[$aid]->default_option = $oid;
+      $product->attributes[check_plain($aid)]->default_option = check_plain($oid);
     }
   }
 
   // Create a fake cart item with the submitted node, quantity and attributes.
   $item = new stdClass();
   $item->nid = $nid;
-  $item->qty = $_POST['qty'];
+  $item->qty = check_plain($_POST['qty']);
   $item->model = $product->model;
   $item->cost = $product->cost;
   $item->price = $product->sell_price;
   $item->weight = $product->weight;
   $item->data = unserialize($product->data);
   $item->data['nid'] = $nid;
-  $item->data['attributes'] = $_POST['attributes'];
+  foreach ($_POST['attributes'] as $key => $value) {
+    $item->data['attributes'][check_plain($key)] = check_plain($value);
+  }
 
   // Let other modules adjust our cart item as needed.
   $item->data = module_invoke_all('add_to_cart_data', $item->data);
