[geeklog-cvs] geeklog: Prevented SEC_createToken() from causing an SQL error.
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Mon Aug 9 11:38:08 EDT 2010
changeset 7957:08dd6a22ecc5
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/08dd6a22ecc5
user: mystral-kk <geeklog at mystral-kk.net>
date: Wed Jul 07 20:17:18 2010 +0900
description:
Prevented SEC_createToken() from causing an SQL error.
diffstat:
system/lib-security.php | 8 +++++---
1 files changed, 5 insertions(+), 3 deletions(-)
diffs (34 lines):
diff -r 77f43467b74c -r 08dd6a22ecc5 system/lib-security.php
--- a/system/lib-security.php Sat Jul 31 18:56:23 2010 +0200
+++ b/system/lib-security.php Wed Jul 07 20:17:18 2010 +0900
@@ -1095,11 +1095,13 @@
return $last_token;
}
+ $uid = isset($_USER['uid']) ? $_USER['uid'] : 1;
+
/* Figure out the full url to the current page */
$pageURL = COM_getCurrentURL();
/* Generate the token */
- $token = md5($_USER['uid'].$pageURL.uniqid (rand (), 1));
+ $token = md5($uid.$pageURL.uniqid (rand (), 1));
$pageURL = addslashes($pageURL);
/* Destroy exired tokens: */
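Review bot: The token on the rewritten `md5(...)` line is still built from the user id, the page URL and `uniqid (rand (), 1)`, none of which is a cryptographically secure source, so the anti-CSRF value is only as unpredictable as `rand()` and the clock. Since the line is being touched anyway, consider drawing it from the platform CSPRNG, e.g. `$token = bin2hex(random_bytes(16));` on PHP 7+ (or `openssl_random_pseudo_bytes()` on older 5.x), which keeps the same 32-character hex length. Separately, the new fallback would be safer as `$uid = isset($_USER['uid']) ? (int) $_USER['uid'] : 1;`, because `$uid` is interpolated into SQL further down. The function starts and ends outside this hunk, so whether `$_USER` is declared global there is not visible here.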
@@ -1112,13 +1114,13 @@
DB_query($sql);
/* Destroy tokens for this user/url combination */
- $sql = "DELETE FROM {$_TABLES['tokens']} WHERE owner_id={$_USER['uid']} AND urlfor='$pageURL'";
+ $sql = "DELETE FROM {$_TABLES['tokens']} WHERE owner_id='{$uid}' AND urlfor='$pageURL'";
DB_query($sql);
/* Create a token for this user/url combination */
/* NOTE: TTL mapping for PageURL not yet implemented */
$sql = "INSERT INTO {$_TABLES['tokens']} (token, created, owner_id, urlfor, ttl) "
- . "VALUES ('$token', NOW(), {$_USER['uid']}, '$pageURL', $ttl)";
+ . "VALUES ('$token', NOW(), $uid, '$pageURL', $ttl)";
DB_query($sql);
$last_token = $token;
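Review bot: `owner_id` is written two different ways in this hunk, quoted as `'{$uid}'` in the DELETE and bare as `$uid` in the INSERT, and neither is backed by an integer cast. Pick one form; if `$uid` is cast with `(int)` where it is assigned, both statements can use the bare integer and stay safe even if `$_USER['uid']` ever holds something unexpected. `$ttl` is also interpolated unquoted and its origin is outside the hunk, so it is worth confirming it is always an integer. If uid 1 is the shared anonymous account (an assumption from the fallback value), the DELETE now removes the tokens of every anonymous visitor on the same URL, which may invalidate forms they still have open.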