Changeset 2267

Timestamp:

03/08/08 13:27:08 (5 years ago)

Author:

rvelices

Message:

- security fix in profile

Files:

• branches/branch-1_7/profile.php (modified) (8 diffs)

branches/branch-1_7/profile.php

@@ -79 +79 @@
   global $conf;
   $errors = array();
-  
+
   if (!isset($_POST['validate']))
   {
@@ -142 +142 @@
   ;';
       list($current_password) = mysql_fetch_row(pwg_query($query));
-  
+
       if ($conf['pass_convert']($_POST['password']) != $current_password)
       {
@@ -161 +161 @@
 
       $data = array();
-      $data{$conf['user_fields']['id']} = $_POST['userid'];
+      $data{$conf['user_fields']['id']} = $userdata['id'];
       $data{$conf['user_fields']['email']} = $_POST['mail_address'];
 
@@ -185 +185 @@
 
     $data = array();
-    $data['user_id'] = $_POST['userid'];
+    $data['user_id'] = $userdata['id'];
 
     foreach ($fields as $field)
@@ -214 +214 @@
   $template->set_filename('profile_content', 'profile_content.tpl');
 
-  $expand = ($userdata['expand'] == 'true') ? 
+  $expand = ($userdata['expand'] == 'true') ?
             'EXPAND_TREE_YES':'EXPAND_TREE_NO';
 
   $nb_comments =
-    ($userdata['show_nb_comments'] == 'true') ? 
+    ($userdata['show_nb_comments'] == 'true') ?
                'NB_COMMENTS_YES':'NB_COMMENTS_NO';
 
   $nb_hits =
-    ($userdata['show_nb_hits'] == 'true') ? 
+    ($userdata['show_nb_hits'] == 'true') ?
                'NB_HITS_YES':'NB_HITS_NO';
 
@@ -235 +235 @@
       'MAXWIDTH'=>@$userdata['maxwidth'],
       'MAXHEIGHT'=>@$userdata['maxheight'],
-  
+
       $expand=>'checked="checked"',
       $nb_comments=>'checked="checked"',
       $nb_hits=>'checked="checked"',
-  
+
       'REDIRECT' => $url_redirect,
-  
+
       'F_ACTION'=>$url_action,
       ));
@@ -261 +261 @@
       $selected = '';
     }
-  
+
     $template->assign_block_vars(
       $blockname,
@@ -287 +287 @@
       $selected = '';
     }
-  
+
     $template->assign_block_vars(
       $blockname,