[geeklog-devel] public_html/index.php
Tony Bibbs
tony at tonybibbs.com
Wed May 7 12:48:28 EDT 2008
Yep, perfectly legal (and valid) syntax since it is wrapped in {}. Yes, it is a tad annoying to look at, though.
----- Original Message ----
From: Joe Mucchiello <joe at ThrowingDice.com>
To: Geeklog Development <geeklog-devel at lists.geeklog.net>
Sent: Tuesday, May 6, 2008 11:21:46 PM
Subject: Re: [geeklog-devel] public_html/index.php
I thought the $_USER loaded $_TABLES['userindex'] since it loads
$_TABLES['userprefs']. Don't know why it doesn't. Still, $U['aids']
and $U['tids'] are not initialized when an anonymous user hits that code.
Whoa, now my eyes must be bugging out. Line 459 of lib-sessions.php.
$sql = "SELECT *,format FROM
{$_TABLES['dateformats']},{$_TABLES["users"]},{$_TABLES['userprefs']} "
Are those double quotes around "users" in $_TABLES["users"] when the
string is delimited with double quotes?
At 12:00 AM 5/7/2008, Mark R. Evans wrote:
>Joe,
>
>Look around line 176, $U is being set from a DB_fetchArray()
>call. It couldn't hurt to initialize $U['aids'] and $U['tids'] to
>'' if it is an anonymous user. $U['maxstories'] is already being
>initialized to 0 if anonymous.
>
>Thanks!
>Mark
>
>Joe Mucchiello wrote:
>>How long has this been broken? It's in 1.4.1 and 1.5:
>>
>>if (!empty($U['aids'])) {
>>    $sql .= " AND s.uid NOT IN (" . str_replace( ' ', ",", $U['aids'] ) . ") ";
>>}
>>
>>if (!empty($U['tids'])) {
>>    $sql .= " AND s.tid NOT IN ('" . str_replace( ' ', "','", $U['tids'] ) . "') ";
>>}
>>
>>$U has no global value that I'm aware of. It's even a
>>register_globals hole that could show hidden stories.
>>
>>I assume $U should be $_USER.
----
Joe Mucchiello
Throwing Dice Games
http://www.throwingdice.com
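
The fix discussed in this thread, as an added example that is not Geeklog code and not from any poster: give the preference array known values before it is read, so nothing from the request can populate it, and validate each ID before it reaches the SQL string. The function name, the `$escape` callback and the sample row are assumptions made for illustration.

```php
<?php
// Added illustration, not Geeklog code. Names and sample values are hypothetical.

/**
 * Build the "NOT IN" filters from a user's space-separated exclusion lists.
 * $prefs is the row loaded for a logged-in user, or null for an anonymous one.
 * $escape is the database driver's string-escaping function (assumed).
 */
function buildExclusionSql(?array $prefs, callable $escape): string
{
    // Always start from known values so the array can never be left
    // undefined (the register_globals concern raised in the thread).
    $U = ['aids' => '', 'tids' => ''];
    if ($prefs !== null) {
        $U['aids'] = (string) ($prefs['aids'] ?? '');
        $U['tids'] = (string) ($prefs['tids'] ?? '');
    }

    $sql = '';

    // Author IDs are numeric: keep only tokens made up entirely of digits.
    $aids = array_filter(
        preg_split('/\s+/', trim($U['aids']), -1, PREG_SPLIT_NO_EMPTY),
        'ctype_digit'
    );
    if ($aids) {
        $sql .= ' AND s.uid NOT IN (' . implode(',', $aids) . ') ';
    }

    // Topic IDs are strings: escape each one, then quote it.
    $tids = preg_split('/\s+/', trim($U['tids']), -1, PREG_SPLIT_NO_EMPTY);
    if ($tids) {
        $quoted = array_map(fn($t) => "'" . $escape($t) . "'", $tids);
        $sql .= ' AND s.tid NOT IN (' . implode(',', $quoted) . ') ';
    }

    return $sql;
}

// Constructed sample row; addslashes only stands in for the driver's escaper.
$row = ['aids' => '3 17 x)', 'tids' => "news o'brien"];
echo buildExclusionSql($row, 'addslashes'), "\n";

// Anonymous visitor: no preference row was loaded.
echo buildExclusionSql(null, 'addslashes'), "\n";
```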