[geeklog-devel] SR4 Bug -- err so it would appear
Dirk Haun
dirk at haun-online.de
Sun Feb 1 18:14:17 EST 2004
Blaine,
>Line 156 of usersettings.php
> $preferences->set_var ('uid_value', $reqid);
>
>I believe this is a typo and not some security change.
No, this was a deliberate change. To quote myself (from geeklog-security):
>I've re-used the hidden "uid" field in the form, so there's no need to
>update the templates. The field wasn't used anyway as the value can't be
>trusted.
You could simply use $_USER['uid'], which has the added advantage that it
can't be manipulated.
bye, Dirk
--
http://www.haun-online.de/
http://www.macosx-faq.de/
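
The point made in the message above, as an added example that is not part of the original post and not Geeklog's code: a handler that picks the account from a hidden form field next to one that picks it from server-side session state. The function names, the `theme` preference and the sample data are hypothetical; `$session` stands in for the role `$_USER` plays.

```php
<?php
// Added example: names are hypothetical, data is constructed.

// Pattern the message warns about: the row to update is chosen by a
// hidden form field, which the client can set to any value.
function save_prefs_from_form(array $post, array &$users): bool
{
    $uid = (int) ($post['uid'] ?? 0);
    if (!isset($users[$uid])) {
        return false;
    }
    $users[$uid]['theme'] = (string) ($post['theme'] ?? '');
    return true;
}

// Pattern the message recommends: the row is chosen by the uid held in
// server-side session state (the role $_USER['uid'] plays), so whatever
// the form carries in "uid" has no influence on which account changes.
function save_prefs_from_session(array $session, array $post, array &$users): bool
{
    $uid = (int) ($session['uid'] ?? 0);
    if ($uid <= 0 || !isset($users[$uid])) {
        return false; // not logged in
    }
    $users[$uid]['theme'] = (string) ($post['theme'] ?? '');
    return true;
}

// Constructed sample: user 5 is logged in, the submitted form claims uid 2.
$session = ['uid' => 5];
$post    = ['uid' => '2', 'theme' => 'dark'];

$a = [2 => ['theme' => 'classic'], 5 => ['theme' => 'classic']];
save_prefs_from_form($post, $a);
printf("form uid:    user2=%s user5=%s\n", $a[2]['theme'], $a[5]['theme']);

$b = [2 => ['theme' => 'classic'], 5 => ['theme' => 'classic']];
save_prefs_from_session($session, $post, $b);
printf("session uid: user2=%s user5=%s\n", $b[2]['theme'], $b[5]['theme']);
```

With the first handler the change lands on user 2's record; with the second it lands on user 5's, regardless of the submitted `uid`.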