author | Paul S. Owen <psotfx@users.sourceforge.net> | 2003-11-11 10:57:53 +0000 |
---|---|---|
committer | Paul S. Owen <psotfx@users.sourceforge.net> | 2003-11-11 10:57:53 +0000 |
commit | 6a701d1cf5315e104fd08c2637a5c569835b7c94 (patch) | |
tree | 35e6dd3ecd784d8a2a692d3433d7bb5091ad88d7 | |
parent | 74ccfb2ad51e552a65b9e4e7419dc770e55c503e (diff) | |
I'm so disappointed no one spotted this deliberate error ... phew, got away with that one ... damn, is this thing on?
git-svn-id: file:///svn/phpbb/trunk@4662 89ea8834-ac86-4346-8a33-228a782c2dd0
-rw-r--r-- | phpBB/includes/ucp/ucp_register.php | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/phpBB/includes/ucp/ucp_register.php b/phpBB/includes/ucp/ucp_register.php index d50d30e428..20e98b106f 100644 --- a/phpBB/includes/ucp/ucp_register.php +++ b/phpBB/includes/ucp/ucp_register.php @@ -25,7 +25,7 @@ class ucp_register extends module // Do not alter this first one to use request_var! $coppa = (isset($_REQUEST['coppa'])) ? ((!empty($_REQUEST['coppa'])) ? 1 : 0) : false; - $confirm_id = request_var('confirm_id', 0); + $confirm_id = request_var('confirm_id', ''); $agreed = (!empty($_POST['agreed'])) ? 1 : 0; $submit = (isset($_POST['submit'])) ? true : false; @@ -115,7 +115,7 @@ class ucp_register extends module $sql = 'SELECT code FROM ' . CONFIRM_TABLE . " WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "' - AND session_id = '" . $db->sql_escape($user->data['session_id']) . "'"; + AND session_id = '" . $db->sql_escape($user->session_id) . "'"; $result = $db->sql_query($sql); if ($row = $db->sql_fetchrow($result)) @@ -128,7 +128,7 @@ class ucp_register extends module { $sql = 'DELETE FROM ' . CONFIRM_TABLE . " WHERE confirm_id = '" . $db->sql_escape($confirm_id) . "' - AND session_id = '" . $db->sql_escape($user->data['session_id']) . "'"; + AND session_id = '" . $db->sql_escape($user->session_id) . "'"; $db->sql_query($sql); } } @@ -327,7 +327,7 @@ class ucp_register extends module $sql = 'SELECT COUNT(session_id) AS attempts FROM ' . CONFIRM_TABLE . " - WHERE session_id = '$user->session_id'"; + WHERE session_id = '" . $db->sql_escape($user->session_id) . "'"; $result = $db->sql_query($sql); if ($row = $db->sql_fetchrow($result)) 
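Review bot: The new string default in `request_var('confirm_id', '')` (first hunk) needs a one-line comment, because nothing on the line says why the type matters. Proposed: `// confirm_id is an md5 hex string (see the INSERT further down); a numeric default would make request_var cast it to a number`. The cast-by-default-type behaviour is inferred from this change, since request_var itself is outside the diff. The value is now an arbitrary request string, so a format check before the lookup would keep malformed ids out of the query path, e.g. `if (!preg_match('/^[0-9a-f]{32}$/', $confirm_id)) { $confirm_id = ''; }`. The SELECT and DELETE in the following hunks already pass it through `$db->sql_escape()`.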
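Review bot: The attempt count read by the `SELECT COUNT(session_id) AS attempts` query (hunk at line 327) is keyed on `session_id` alone, so it bounds attempts per session rather than per client. How sessions are issued is outside this diff, but if an unauthenticated visitor can obtain a fresh session at will, the cap does little to slow automated registration. Counting by client address as well would tighten it, assuming CONFIRM_TABLE can carry such a column; `$user_ip` is used a few lines further down and is presumably in scope here. The comparison against the limit lies outside the hunk.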
@@ -343,7 +343,7 @@ class ucp_register extends module $confirm_id = md5(uniqid($user_ip)); $sql = 'INSERT INTO ' . CONFIRM_TABLE . " (confirm_id, session_id, code) - VALUES ('$confirm_id', '$user->session_id', '$code')"; + VALUES ('$confirm_id', '" . $db->sql_escape($user->session_id) . "', '$code')"; $db->sql_query($sql); $confirm_image = (@extension_loaded('zlib')) ? "<img src=\"ucp.$phpEx$SID&mode=confirm&id=$confirm_id\" alt=\"\" title=\"\" />" : '<img src="ucp.$phpEx$SID&mode=confirm&id=$confirm_id&c=1" alt="" title="" /><img src="ucp.$phpEx$SID&mode=confirm&id=$confirm_id&c=2" alt="" title="" /><img src="ucp.$phpEx$SID&mode=confirm&id=$confirm_id&c=3" alt="" title="" /><img src="ucp.$phpEx$SID&mode=confirm&id=$confirm_id&c=4" alt="" title="" /><img src="ucp.$phpEx$SID&mode=confirm&id=$confirm_id&c=5" alt="" title="" /><img src="ucp.$phpEx$SID&mode=confirm&id=$confirm_id&c=6" alt="" title="" />'; |
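Review bot: The INSERT still interpolates `'$confirm_id'` and `'$code'` directly, while only `session_id` now goes through `$db->sql_escape()`. `$confirm_id` is md5 output and therefore hex, but `$code` is built outside this hunk, so its character set cannot be confirmed from here. Escaping all three keeps the statement safe however the code generator changes: `VALUES ('" . $db->sql_escape($confirm_id) . "', '" . $db->sql_escape($user->session_id) . "', '" . $db->sql_escape($code) . "')";`. Separately, the non-zlib branch of `$confirm_image` is a single-quoted string, so `$phpEx`, `$SID` and `$confirm_id` appear to be emitted literally rather than substituted. That branch would need double quotes or concatenation.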