From f27e77391e37d5893f06a3186c99d1d357d3d135 Mon Sep 17 00:00:00 2001
From: Wytze van der Raay <wytze@cacert.org>
Date: Mon, 1 Aug 2011 14:39:04 +0000
Subject: [PATCH] Fix for https://bugs.cacert.org/view.php?id=959

---
 www/wot.php | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/www/wot.php b/www/wot.php
index 2bd4622..7fa572f 100644
--- a/www/wot.php
+++ b/www/wot.php
@@ -206,9 +206,15 @@
 	if($oldid == 6)
 	{
 		$max =  maxpoints();
-		$awarded = $newpoints = intval($_POST['points']);
-		if($newpoints > $max)
-			$newpoints = $max;
+		
+		if (intval($_POST['points']) > $max) {
+			$awarded = $newpoints = $max;
+		} elseif (intval($_POST['points']) < 0) {
+			$awarded = $newpoints = 0;
+		} else {
+			$awarded = $newpoints = intval($_POST['points']);
+		}
+		
 		$query = "select sum(`points`) as `total` from `notary` where `to`='".$_SESSION['_config']['notarise']['id']."' group by `to`";
 		$res = mysql_query($query);
 		$drow = mysql_fetch_assoc($res);