[geeklog-devel] SR4 Bug -- err so it would appear

Dirk Haun dirk at haun-online.de
Sun Feb 1 18:14:17 EST 2004


>Line 156 of usersettings.php
>    $preferences->set_var ('uid_value', $reqid);
>I believe this is a typo and not some security change.

No, this was a deliberate change. To quote myself (from geeklog-security):

>I've re-used the hidden "uid" field in the form, so there's no need to
>update the templates. The field wasn't used anyway as the value can't be

You could simply use $_USER['uid'], which has the added advantage that it
can't be manipulated.

bye, Dirk
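
Added example, not part of the original message and not Geeklog's own code: a minimal PHP sketch of why the server-side `$_USER['uid']` is preferable to a hidden "uid" form field when deciding which account a settings form applies to. The user table, the handler names and the request data are constructed for illustration.

```php
<?php
// Constructed data: an in-memory stand-in for the users table.
$users = [
    2 => ['email' => 'admin@example.com'],
    5 => ['email' => 'alice@example.com'],
];

// Pattern to avoid: the account to update is taken from the hidden form
// field, which the client can change before submitting.
// (Hypothetical handler name.)
function save_email_trusting_form(array &$users, array $post): int
{
    $uid = (int) $post['uid'];
    $users[$uid]['email'] = $post['email'];
    return $uid;
}

// Hardened pattern: the account comes from the server-side user record
// ($_USER in the message above). A posted uid is only compared and logged,
// never used to select the row. (Hypothetical handler name.)
function save_email_from_session(array &$users, array $user, array $post): int
{
    $uid = (int) $user['uid'];
    if (isset($post['uid']) && (int) $post['uid'] !== $uid) {
        error_log("uid mismatch: session=$uid posted=" . (int) $post['uid']);
    }
    $users[$uid]['email'] = $post['email'];
    return $uid;
}

// Constructed request: user 5 is logged in, but the hidden field says 2.
$_USER = ['uid' => 5];
$post  = ['uid' => '2', 'email' => 'new@example.com'];

// Run each handler against its own copy of the table and compare.
$a = $users;
$b = $users;
printf("form-trusting handler updated uid %d\n", save_email_trusting_form($a, $post));
printf("session-based handler updated uid %d\n", save_email_from_session($b, $_USER, $post));
```

The mismatch log line in the hardened handler doubles as a cheap tamper signal, since a legitimate form submission never carries a uid other than the session's own.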


