[geeklog-devel] SR4 Bug -- err so it would appear
dirk at haun-online.de
Sun Feb 1 18:14:17 EST 2004
>Line 156 of usersettings.php
> $preferences->set_var ('uid_value', $reqid);
>I believe this is a typo and not some secuity change.
No, this was a deliberate change. To quote myself (from geeklog-security):
>I've re-used the hidden "uid" field in the form, so there's no need to
>update the templates. The field wasn't used anyway as the value can't be
You could simply use $_USER['uid'], which has the added advantage that it
can't be manipulated.
More information about the geeklog-devel