[geeklog-devel] SR4 Bug -- err so it would appear

Blaine Lang geeklog at langfamily.ca
Sun Feb 1 13:38:30 EST 2004


The recent posts about Plugin (forum) extra settings not being saved or over-writting other users.

I was looking into it this today and noticed that the UID field in the Edit form -> Account Information is being set to a encrypted 16 char field. To be specific $reqid.

Line 156 of usersettings.php
    $preferences->set_var ('uid_value', $reqid);

I believe this is a typo and not some secuity change.

This triggers all sorts of problems that are looking for the UID in the POST_VARS from this form.


Blaine
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20040201/8626585b/attachment.html>


More information about the geeklog-devel mailing list