[geeklog-cvs] geeklog-1.3/public_html profiles.php,1.20,1.20.4.1

dhaun at geeklog.net dhaun at geeklog.net
Fri Dec 5 14:36:04 EST 2003


Update of /usr/cvs/geeklog/geeklog-1.3/public_html
In directory geeklog_prod:/tmp/cvs-serv23908

Modified Files:
      Tag: geeklog_1_3_7sr2_1
	profiles.php 
Log Message:
Apply more strict checks before allowing someone to email a user.


Index: profiles.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/profiles.php,v
retrieving revision 1.20
retrieving revision 1.20.4.1
diff -C2 -d -r1.20 -r1.20.4.1
*** profiles.php	5 Jan 2003 21:23:51 -0000	1.20
--- profiles.php	5 Dec 2003 19:36:01 -0000	1.20.4.1
***************
*** 49,53 ****
  function contactemail($uid,$author,$authoremail,$subject,$message) 
  {
!     global $_TABLES, $_CONF, $LANG08, $LANG_CHARSET;
  
      if (!empty($author) && !empty($subject) && !empty($message)) {
--- 49,59 ----
  function contactemail($uid,$author,$authoremail,$subject,$message) 
  {
!     global $_CONF, $_TABLES, $_USER, $LANG08, $LANG_CHARSET;
! 
!     // check for correct $_CONF permission
!     if (empty ($_USER['username']) && (($_CONF['loginrequired'] == 1) ||
!             ($_CONF['emailuserloginrequired'] == 1)) && ($uid != 2)) {
!         return COM_refresh ($_CONF['site_url'] . '/index.php');
!     }
  
      if (!empty($author) && !empty($subject) && !empty($message)) {
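Review bot: The `($uid != 2)` clause in the new guard exempts one recipient from the login requirement, but the comment above it (`// check for correct $_CONF permission`) does not say why, so a reader cannot tell whether the bypass is deliberate. If uid 2 is the site administrator account (not visible in this hunk), state that in the comment, e.g. `// anonymous visitors may always mail uid 2 (site admin), even when login is required`, and prefer a named constant over the bare literal. The body of contactemail continues outside the hunk.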
***************
*** 157,161 ****
  function mailstory($sid,$to,$toemail,$from,$fromemail,$sid, $shortmsg) 
  {
!  	global $_TABLES, $_CONF, $LANG01, $LANG08, $A;
  	
   	$sql = "SELECT uid,title,introtext,bodytext,UNIX_TIMESTAMP(date) AS day FROM {$_TABLES['stories']} WHERE sid = '$sid' ";
--- 163,173 ----
  function mailstory($sid,$to,$toemail,$from,$fromemail,$sid, $shortmsg) 
  {
!  	global $_CONF, $_USER, $LANG01, $LANG08, $A;
! 
!     // check for correct $_CONF permission
!     if (empty ($_USER['username']) && (($_CONF['loginrequired'] == 1) ||
!             ($_CONF['emailstoryloginrequired'] == 1))) {
!         return COM_refresh ($_CONF['site_url'] . '/article.php?story=' . $sid);
!     }
  	
   	$sql = "SELECT uid,title,introtext,bodytext,UNIX_TIMESTAMP(date) AS day FROM {$_TABLES['stories']} WHERE sid = '$sid' ";
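Review bot: The rewritten `global` line in mailstory drops `$_TABLES`, yet the query on the following line still interpolates `{$_TABLES['stories']}`, so inside the function that variable is undefined and the table name expands to an empty string. Keep it in the declaration: `global $_CONF, $_TABLES, $_USER, $LANG01, $LANG08, $A;`. Separately, the new redirect concatenates `$sid` into the URL as-is, and the same value goes into the SQL string. Whether callers validate it is not visible here, so consider `urlencode($sid)` in the redirect unless it is checked upstream. The function body continues outside the hunk.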




