Ignore:
Timestamp:
Mar 8, 2008, 1:27:08 PM (17 years ago)
Author:
rvelices
Message:
  • security fix in profile
File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/branch-1_7/profile.php

    r2236 r2267  
    7979  global $conf;
    8080  $errors = array();
    81  
     81
    8282  if (!isset($_POST['validate']))
    8383  {
     
    142142  ;';
    143143      list($current_password) = mysql_fetch_row(pwg_query($query));
    144  
     144
    145145      if ($conf['pass_convert']($_POST['password']) != $current_password)
    146146      {
     
    161161
    162162      $data = array();
    163       $data{$conf['user_fields']['id']} = $_POST['userid'];
     163      $data{$conf['user_fields']['id']} = $userdata['id'];
    164164      $data{$conf['user_fields']['email']} = $_POST['mail_address'];
    165165
     
    185185
    186186    $data = array();
    187     $data['user_id'] = $_POST['userid'];
     187    $data['user_id'] = $userdata['id'];
    188188
    189189    foreach ($fields as $field)
     
    214214  $template->set_filename('profile_content', 'profile_content.tpl');
    215215
    216   $expand = ($userdata['expand'] == 'true') ? 
     216  $expand = ($userdata['expand'] == 'true') ?
    217217            'EXPAND_TREE_YES':'EXPAND_TREE_NO';
    218218
    219219  $nb_comments =
    220     ($userdata['show_nb_comments'] == 'true') ? 
     220    ($userdata['show_nb_comments'] == 'true') ?
    221221               'NB_COMMENTS_YES':'NB_COMMENTS_NO';
    222222
    223223  $nb_hits =
    224     ($userdata['show_nb_hits'] == 'true') ? 
     224    ($userdata['show_nb_hits'] == 'true') ?
    225225               'NB_HITS_YES':'NB_HITS_NO';
    226226
     
    235235      'MAXWIDTH'=>@$userdata['maxwidth'],
    236236      'MAXHEIGHT'=>@$userdata['maxheight'],
    237  
     237
    238238      $expand=>'checked="checked"',
    239239      $nb_comments=>'checked="checked"',
    240240      $nb_hits=>'checked="checked"',
    241  
     241
    242242      'REDIRECT' => $url_redirect,
    243  
     243
    244244      'F_ACTION'=>$url_action,
    245245      ));
     
    261261      $selected = '';
    262262    }
    263  
     263
    264264    $template->assign_block_vars(
    265265      $blockname,
     
    287287      $selected = '';
    288288    }
    289  
     289
    290290    $template->assign_block_vars(
    291291      $blockname,
Note: See TracChangeset for help on using the changeset viewer.