author | rvelices <rv-github@modusoptimus.com> | 2008-03-08 12:27:08 +0000 |
committer | rvelices <rv-github@modusoptimus.com> | 2008-03-08 12:27:08 +0000 |
commit | 2f6b60e06341ba18afeada285d274401f42dc78c (patch) | |
tree | 866522b73a73626c7ada43fd6b60708b981ba3fb | |
parent | b593bc2f79790b8d4ef0af1ae5d1570858468868 (diff) |
- security fix in profile
git-svn-id: http://piwigo.org/svn/branches/branch-1_7@2267 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r-- | profile.php | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/profile.php b/profile.php index d391d61f5..133923e1c 100644 --- a/profile.php +++ b/profile.php @@ -78,7 +78,7 @@ function save_profile_from_post(&$userdata, &$errors) { global $conf; $errors = array(); - + if (!isset($_POST['validate'])) { return false; @@ -141,7 +141,7 @@ function save_profile_from_post(&$userdata, &$errors) WHERE '.$conf['user_fields']['id'].' = \''.$userdata['id'].'\' ;'; list($current_password) = mysql_fetch_row(pwg_query($query)); - + if ($conf['pass_convert']($_POST['password']) != $current_password) { $errors[] = l10n('Current password is wrong'); @@ -160,7 +160,7 @@ function save_profile_from_post(&$userdata, &$errors) $fields = array($conf['user_fields']['email']); $data = array(); - $data{$conf['user_fields']['id']} = $_POST['userid']; + $data{$conf['user_fields']['id']} = $userdata['id']; $data{$conf['user_fields']['email']} = $_POST['mail_address']; // password is updated only if filled @@ -184,7 +184,7 @@ function save_profile_from_post(&$userdata, &$errors) ); $data = array(); - $data['user_id'] = $_POST['userid']; + $data['user_id'] = $userdata['id']; foreach ($fields as $field) { @@ -213,15 +213,15 @@ function load_profile_in_template($url_action, $url_redirect, $userdata) $template->set_filename('profile_content', 'profile_content.tpl'); - $expand = ($userdata['expand'] == 'true') ? + $expand = ($userdata['expand'] == 'true') ? 'EXPAND_TREE_YES':'EXPAND_TREE_NO'; $nb_comments = - ($userdata['show_nb_comments'] == 'true') ? + ($userdata['show_nb_comments'] == 'true') ? 'NB_COMMENTS_YES':'NB_COMMENTS_NO'; $nb_hits = - ($userdata['show_nb_hits'] == 'true') ? + ($userdata['show_nb_hits'] == 'true') ? 'NB_HITS_YES':'NB_HITS_NO'; $template->assign_vars( 
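Review bot: The new `$data{$conf['user_fields']['id']} = $userdata['id'];` line in the @@ -160 hunk closes the hole only if every caller of save_profile_from_post passes the logged-in user's own record; from this hunk alone (the function starts above it) that cannot be confirmed, so the call site in profile.php is worth checking once. The same applies to `$data['user_id'] = $userdata['id'];` in the @@ -184 hunk. A comment such as `// id comes from the authenticated user's record, never from the request` at both assignments would record the invariant the fix depends on. If the profile form still emits a hidden `userid` field, it is now unused input and should be dropped from the template so a later change does not reinstate it as a source of truth.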
@@ -234,13 +234,13 @@ function load_profile_in_template($url_action, $url_redirect, $userdata) 'RECENT_PERIOD'=>$userdata['recent_period'], 'MAXWIDTH'=>@$userdata['maxwidth'], 'MAXHEIGHT'=>@$userdata['maxheight'], - + $expand=>'checked="checked"', $nb_comments=>'checked="checked"', $nb_hits=>'checked="checked"', - + 'REDIRECT' => $url_redirect, - + 'F_ACTION'=>$url_action, )); @@ -260,7 +260,7 @@ function load_profile_in_template($url_action, $url_redirect, $userdata) { $selected = ''; } - + $template->assign_block_vars( $blockname, array( @@ -286,7 +286,7 @@ function load_profile_in_template($url_action, $url_redirect, $userdata) { $selected = ''; } - + $template->assign_block_vars( $blockname, array( |