[geeklog-devel] public_html/index.php
Mark R. Evans
mevans at ecsnet.com
Wed May 7 00:00:43 EDT 2008

Joe,

Look around line 176, $U is being set from a DB_fetchArray() call. It
couldn't hurt to initialize $U['aids'] and $U['tids'] to '' if it is an
anonymous user. $U['maxstories'] is already being initialized to 0 if
anonymous.

Thanks!
Mark

Joe Mucchiello wrote:
> How long has this been broken? It's in 1.4.1 and 1.5:
>
> if (!empty($U['aids'])) {
>     $sql .= " AND s.uid NOT IN (" . str_replace( ' ', ",", $U['aids'] ) . ") ";
> }
>
> if (!empty($U['tids'])) {
>     $sql .= " AND s.tid NOT IN ('" . str_replace( ' ', "','", $U['tids'] ) . "') ";
> }
>
> $U has no global value that I'm aware of. It's even a register_globals
> hole that could show hidden stories.
>
> I assume $U should be $_USER.
>
> ----
> Joe Mucchiello
> Throwing Dice Games
> http://www.throwingdice.com
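
The initialization discussed in this thread, written out as an added example; it is not Geeklog code and not from either poster. The function names, the modern PHP syntax (7.1+) and the topic-id character set are assumptions. It sets every key the query builder reads for anonymous visitors and filters the space-separated lists before they reach the SQL string.

```php
<?php
// Added example, not Geeklog code. story_prefs(), exclusion_sql() and the
// topic-id pattern are hypothetical names and assumptions for illustration.

/** Return preferences with every key the query builder reads explicitly set. */
function story_prefs(?array $row): array
{
    // Anonymous visitor (no DB row): known-empty defaults, so nothing
    // can arrive in these keys through register_globals.
    $defaults = ['aids' => '', 'tids' => '', 'maxstories' => 0];
    if ($row === null) {
        return $defaults;
    }
    // Keep only the expected keys from the row; fill the rest with defaults.
    return array_intersect_key($row, $defaults) + $defaults;
}

/** Build the author/topic exclusion clauses from space-separated lists. */
function exclusion_sql(array $U): string
{
    $sql = '';

    // Author ids: keep purely numeric tokens only.
    $aids = array_filter(
        preg_split('/\s+/', trim((string) $U['aids'])),
        'ctype_digit'
    );
    if ($aids) {
        $sql .= ' AND s.uid NOT IN (' . implode(',', $aids) . ') ';
    }

    // Topic ids: assumed to match [A-Za-z0-9_-]+; other tokens are dropped.
    $tids = preg_grep(
        '/^[A-Za-z0-9_-]+$/D',
        preg_split('/\s+/', trim((string) $U['tids']))
    );
    if ($tids) {
        $sql .= " AND s.tid NOT IN ('" . implode("','", $tids) . "') ";
    }
    return $sql;
}

// Constructed inputs: an anonymous visitor, then a row with one malformed topic id.
echo exclusion_sql(story_prefs(null)), "\n";
echo exclusion_sql(story_prefs(['aids' => '3 7', 'tids' => "news x')"])), "\n";
```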