Author cvs: php-master-web /manage users.php
Rasmus Lerdorf

2005-06-05, 3:56 pm

rasmus Sun Jun 5 13:02:49 2005 EDT

Modified files:
/php-master-web/manage users.php
Log:
Quick-fix for sql injection in user id


http://cvs.php.net/diff.php/php-mas...39&r2=1.40&ty=u
Index: php-master-web/manage/users.php
diff -u php-master-web/manage/users.php:1.39 php-master-web/manage/users.php:1.40
--- php-master-web/manage/users.php:1.39 Wed Sep 8 06:33:51 2004
+++ php-master-web/manage/users.php Sun Jun 5 13:02:48 2005
@@ -28,12 +28,13 @@
}
}

+if(isset($id)) $id = (int)$id;
+
if (isset($id) && isset($action)) {
if (!is_admin($user)) {
warn("you're not allowed to take actions on users.");
exit;
}
- $id = (int)$id;
switch ($action) {
case 'approve':
if (db_query("UPDATE users SET cvsaccess=1 WHERE userid=$id")
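Review bot: The `UPDATE users SET cvsaccess=1 WHERE userid=$id` query in the 'approve' case still interpolates `$id` directly into the SQL string, so its safety rests entirely on the new top-level `if(isset($id)) $id = (int)$id;` having run first. Hoisting the cast out of the `isset($id) && isset($action)` block covers code paths that block did not, but any later edit that reassigns `$id` or adds a query before the cast brings the injection back. Consider casting or binding the value at each query site as well, and add a short comment on the hoisted line saying that every query below depends on it. Also note that `(int)` silently coerces a non-numeric id to 0 instead of rejecting it; an explicit numeric check that warns and exits, like the `is_admin` check just below, would make malformed requests visible rather than turning them into operations on `userid=0`.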