[geeklog-devel] public_html/index.php

Mark R. Evans mevans at ecsnet.com
Wed May 7 00:00:43 EDT 2008


Joe,

Look around line 176, $U is being set from a DB_fetchArray() call.  It 
couldn't hurt to initialize $U['aids'] and $U['tids'] to '' if it is an 
anonymous user.  $U['maxstories'] is already being initialized to 0 if 
anonymous.

Thanks!
Mark

Joe Mucchiello wrote:
> How long has this been broken? It's in 1.4.1 and 1.5:
>
> if (!empty($U['aids'])) {
>     $sql .= " AND s.uid NOT IN (" . str_replace( ' ', ",", $U['aids'] ) . ") ";
> }
>
> if (!empty($U['tids'])) {
>     $sql .= " AND s.tid NOT IN ('" . str_replace( ' ', "','", $U['tids'] ) . "') ";
> }
>
> $U has no global value that I'm aware of. It's even a register_globals 
> hole that could show hidden stories.
>
> I assume $U should be $_USER.
>
> ----
> Joe Mucchiello
> Throwing Dice Games
> http://www.throwingdice.com
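
An added example, not part of the original thread and not Geeklog's own code: one way to apply the suggestion above, by always assigning the preference keys (empty for anonymous users) and validating each token before it reaches the IN list. The function names, the `$row` parameter, the allowed topic-id character set and the sample values are assumptions; only `aids`, `tids`, `maxstories`, `s.uid` and `s.tid` come from the quoted code.

```php
<?php
// Hypothetical helpers for illustration; these are not Geeklog functions.

/**
 * Return a preference array in which every key the query builder reads is
 * defined. $row is the fetched DB row, or null/false for an anonymous user.
 * Because the result is always assigned to $U before use, a value injected
 * through register_globals is overwritten rather than trusted.
 */
function load_index_prefs($row)
{
    $defaults = array('aids' => '', 'tids' => '', 'maxstories' => 0);
    if (!is_array($row)) {
        return $defaults;
    }
    // Copy only the known keys; defaults fill in any that are missing.
    return array_intersect_key($row, $defaults) + $defaults;
}

/**
 * Build the two exclusion clauses. aids must be space-separated integers;
 * tids are assumed to match [A-Za-z0-9_-]+. Tokens that fail validation
 * are dropped instead of being interpolated into the SQL.
 */
function build_exclusions(array $U)
{
    $sql = '';
    $aids = array_filter(preg_split('/\s+/', trim((string) $U['aids'])), 'ctype_digit');
    if (!empty($aids)) {
        $sql .= ' AND s.uid NOT IN (' . implode(',', $aids) . ') ';
    }
    $tids = preg_grep('/^[A-Za-z0-9_-]+$/', preg_split('/\s+/', trim((string) $U['tids'])));
    if (!empty($tids)) {
        $sql .= " AND s.tid NOT IN ('" . implode("','", $tids) . "') ";
    }
    return $sql;
}

// Constructed sample inputs.
$U = load_index_prefs(null);              // anonymous user: no exclusions
var_dump(build_exclusions($U));

$U = load_index_prefs(array('aids' => '3 17 x)', 'tids' => "news o'hara", 'maxstories' => 10));
echo build_exclusions($U), "\n";          // malformed tokens are discarded
```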


