From bd4bc54727f4e7f2a9280f88bfb03c311e2696a8 Mon Sep 17 00:00:00 2001
From: Alan Knowles <alan@roojs.com>
Date: Wed, 14 Mar 2012 09:38:37 +0800
Subject: [PATCH] Lock.php

---
 Lock.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Lock.php b/Lock.php
index 57dcaf17..747678bd 100644
--- a/Lock.php
+++ b/Lock.php
@@ -93,7 +93,7 @@ class Pman_Core_Lock extends Pman
             $this->jerr("Missing table or id");
         }
        
-        $tab = str_replace('/', '',$_REQUEST['on_table']); // basic protection??
+        $tab = str_replace('/', '', strtolower($_REQUEST['on_table'])); // basic protection??
         $x = DB_DataObject::factory($tab);
         if (!$x->get($_REQUEST['on_id'])) {
             $this->jerr("Item does not exist");
@@ -103,7 +103,7 @@ class Pman_Core_Lock extends Pman
         $curlock = DB_DataObject::factory('Core_locking');
         $curlock->setFrom(array(
             'on_id' => $_REQUEST['on_id'],
-            'on_table' => $_REQUEST['on_table']
+            'on_table' => strtolower($_REQUEST['on_table'])
         ));
         
         $curlock_ex = clone($curlock);
@@ -135,7 +135,7 @@ class Pman_Core_Lock extends Pman
             $curlock = DB_DataObject::factory('Core_locking');
             $curlock->setFrom(array(
                 'on_id' => $_REQUEST['on_id'],
-                'on_table' => $_REQUEST['on_table']
+                'on_table' => strtolower($_REQUEST['on_table'])
             ));
             $curlock->find();
             while($curlock->fetch()) {
@@ -149,7 +149,7 @@ class Pman_Core_Lock extends Pman
         $curlock = DB_DataObject::factory('Core_locking');
         $curlock->setFrom(array(
             'on_id' => $_REQUEST['on_id'],
-            'on_table' => $_REQUEST['on_table'],
+            'on_table' => strtolower($_REQUEST['on_table']),
             'created' => date('Y-m-d H:i:s'),
             'person_id' => $this->authUser->id,
         ));
-- 
2.39.2