[geeklog-cvs] geeklog: Check if $_USER['uid'] is actually set first
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Sun Mar 4 03:24:03 EST 2012
changeset 8504:c51fd4d0fea8
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/c51fd4d0fea8
user: Dirk Haun <dirk at haun-online.de>
date: Sun Mar 04 09:06:01 2012 +0100
description:
Check if $_USER['uid'] is actually set first
diffstat:
system/lib-security.php | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diffs (22 lines):
diff -r c97fbefa9829 -r c51fd4d0fea8 system/lib-security.php
--- a/system/lib-security.php Sat Mar 03 16:39:18 2012 -0700
+++ b/system/lib-security.php Sun Mar 04 09:06:01 2012 +0100
@@ -1188,7 +1188,8 @@
* @param int $uid user id to authenticate
* @return int 0 for success, non-zero for failure or error
*/
-function SEC_encryptUserPassword($password, $uid = '') {
+function SEC_encryptUserPassword($password, $uid = '')
+{
global $_USER, $_CONF, $_TABLES;
// if $uid is empty, assume current user
@@ -1204,7 +1205,7 @@
/* get passwd, algorithm, stretch, and salt from $_USER if possible, else
* get them from the DB
*/
- if ( ( ($uid == $_USER['uid']) && isset($_USER['passwd']) &&
+ if ( ( isset($_USER['uid']) && ($uid == $_USER['uid']) && isset($_USER['passwd']) &&
isset($_USER['algorithm']) && isset($_USER['stretch']) && isset($_USER['salt']) ) ) {
$passwd = $_USER['passwd'];
$algorithm = $_USER['algorithm'];
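Review bot: The uid match on the changed `if` line still uses loose `==`, so PHP type juggling (numeric strings such as `'1e0'` and `'1'` compare equal) decides whether the stored hash, algorithm, stretch and salt are taken from `$_USER` or from the database. Since `$uid` defaults to `''` while the docblock declares it an int, a strict comparison of normalised values is safer: `if ( ( isset($_USER['uid']) && ((string) $uid === (string) $_USER['uid']) && isset($_USER['passwd']) &&`. A mismatch then simply falls through to the database lookup instead of reusing the session user's credentials. The rest of the function, including that database branch, lies outside the hunk, so it is worth confirming that `$uid` is cast to an integer or escaped before it reaches the query.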