[geeklog-cvs] geeklog-1.3/public_html profiles.php,1.20,1.20.4.1
dhaun at geeklog.net
dhaun at geeklog.net
Fri Dec 5 14:36:04 EST 2003
Update of /usr/cvs/geeklog/geeklog-1.3/public_html
In directory geeklog_prod:/tmp/cvs-serv23908
Modified Files:
Tag: geeklog_1_3_7sr2_1
profiles.php
Log Message:
Apply more strict checks before allowing someone to email a user.
Index: profiles.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/profiles.php,v
retrieving revision 1.20
retrieving revision 1.20.4.1
diff -C2 -d -r1.20 -r1.20.4.1
*** profiles.php 5 Jan 2003 21:23:51 -0000 1.20
--- profiles.php 5 Dec 2003 19:36:01 -0000 1.20.4.1
***************
*** 49,53 ****
function contactemail($uid,$author,$authoremail,$subject,$message)
{
! global $_TABLES, $_CONF, $LANG08, $LANG_CHARSET;
if (!empty($author) && !empty($subject) && !empty($message)) {
--- 49,59 ----
function contactemail($uid,$author,$authoremail,$subject,$message)
{
! global $_CONF, $_TABLES, $_USER, $LANG08, $LANG_CHARSET;
!
! // check for correct $_CONF permission
! if (empty ($_USER['username']) && (($_CONF['loginrequired'] == 1) ||
! ($_CONF['emailuserloginrequired'] == 1)) && ($uid != 2)) {
! return COM_refresh ($_CONF['site_url'] . '/index.php');
! }
if (!empty($author) && !empty($subject) && !empty($message)) {
***************
*** 157,161 ****
function mailstory($sid,$to,$toemail,$from,$fromemail,$sid, $shortmsg)
{
! global $_TABLES, $_CONF, $LANG01, $LANG08, $A;
$sql = "SELECT uid,title,introtext,bodytext,UNIX_TIMESTAMP(date) AS day FROM {$_TABLES['stories']} WHERE sid = '$sid' ";
--- 163,173 ----
function mailstory($sid,$to,$toemail,$from,$fromemail,$sid, $shortmsg)
{
! global $_CONF, $_USER, $LANG01, $LANG08, $A;
!
! // check for correct $_CONF permission
! if (empty ($_USER['username']) && (($_CONF['loginrequired'] == 1) ||
! ($_CONF['emailstoryloginrequired'] == 1))) {
! return COM_refresh ($_CONF['site_url'] . '/article.php?story=' . $sid);
! }
$sql = "SELECT uid,title,introtext,bodytext,UNIX_TIMESTAMP(date) AS day FROM {$_TABLES['stories']} WHERE sid = '$sid' ";
More information about the geeklog-cvs
mailing list