[geeklog-devel] public_html/index.php

Mark R. Evans mevans at ecsnet.com
Wed May 7 00:00:43 EDT 2008

Previous message: [geeklog-devel] public_html/index.php
Next message: [geeklog-devel] public_html/index.php
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Joe,

Look around line 176, $U is being set from a DB_fetchArray() call. It
couldn't hurt to initialize $U['aids'] and $U['tids'] to '' if it is an
anonymous user. $U['maxstories'] is already being initialized to 0 if
anonymous.

Thanks!
Mark

Joe Mucchiello wrote:

> How long has this been broken? It's in 1.4.1 and 1.5:

>

> if (!empty($U['aids'])) {

> $sql .= " AND s.uid NOT IN (" . str_replace( ' ', ",", $U['aids']

> ) . ") ";

> }

>

> if (!empty($U['tids'])) {

> $sql .= " AND s.tid NOT IN ('" . str_replace( ' ', "','",

> $U['tids'] ) . "') ";

> }

>

> $U has no global value that I'm aware up. It's even a register_globals

> hole that could show hidden stories.

>

> I assume $U should be $_USER.

>

> ----

> Joe Mucchiello

> Throwing Dice Games

> http://www.throwingdice.com

> _______________________________________________

> geeklog-devel mailing list

> geeklog-devel at lists.geeklog.net

> http://eight.pairlist.net/mailman/listinfo/geeklog-devel

Previous message: [geeklog-devel] public_html/index.php
Next message: [geeklog-devel] public_html/index.php
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the geeklog-devel mailing list