[geeklog-devel] public_html/index.php

[Joe Mucchiello]

How long has this been broken? It's in 1.4.1 and 1.5:

if (!empty($U['aids'])) {
     $sql .= " AND s.uid NOT IN (" . str_replace( ' ', ",", 
$U['aids'] ) . ") ";
}

if (!empty($U['tids'])) {
     $sql .= " AND s.tid NOT IN ('" . str_replace( ' ', "','", 
$U['tids'] ) . "') ";
}

$U has no global value that I'm aware up. It's even a 
register_globals hole that could show hidden stories.

I assume $U should be $_USER.

----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com