[geeklog-devel] [geeklog-cvs] Geeklog-1.x/system/classes story.class.php, 1.32, 1.33

Dirk Haun dirk at haun-online.de
Sun Jul 27 14:18:04 EDT 2008


>Index: story.class.php
>
>*** 1667,1671 ****
>          // SID's are a special case:
>          $sid = COM_sanitizeID($array['sid']);
>!         $oldsid = COM_sanitizeID($array['old_sid']);
>  
>          if (empty($sid)) {
>--- 1667,1675 ----
>          // SID's are a special case:
>          $sid = COM_sanitizeID($array['sid']);
>!         if (isset($array['old_sid'])) {
>!             $oldsid = COM_sanitizeID($array['old_sid'], false);
>!         } else {
>!             $oldsid = '';
>!         }
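
Review bot: The bare `false` passed as the second argument in `COM_sanitizeID($array['old_sid'], false)` is not explained at the call site, so a one-line comment saying what it switches off would stop a later cleanup from dropping it. The unchanged line above, `$sid = COM_sanitizeID($array['sid']);`, still reads `$array['sid']` without an isset() guard and without that argument. Since the old side of the hunk shows `if (empty($sid))` following it, it is worth confirming that check can still be reached as intended.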

Btw, this is a nice trap to fall into: COM_sanitizeID will, by default,
create a new ID instead of returning an empty string. So when 'old_sid'
is not set, you'll end up with a new ID. Which could have all sorts of
interesting side effects if you then try to do something clever with
that supposedly "old" sid ...

bye, Dirk


-- 
http://www.haun-online.de/
http://geeklog.info/



