author | Hari Sankar R <hsr@theinglorio.us> | 2012-04-03 22:15:59 +0530 |
---|---|---|
committer | Hari Sankar R <hsr@theinglorio.us> | 2012-04-03 22:15:59 +0530 |
commit | 084e1ae5603f4204945d25afcfabaeb1198df20f (patch) | |
tree | 64bd11fbfe0e24dbe4c6f57deb75d62c11119dae /phpBB/includes/ucp/ucp_prefs.php | |
parent | 3477b5e5a8c419f28d477a4764f5d29f3b04dc79 (diff) | |
[ticket/10561] All users can choose deactivated styles (fixed).
A form exploit enabled the users to select a deactivated
style. Fixed with extra check on submit, with a new function
styles_verify to check if the selected style is activated or not.
PHPBB3-10561
Diffstat (limited to 'phpBB/includes/ucp/ucp_prefs.php')
-rw-r--r-- | phpBB/includes/ucp/ucp_prefs.php | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/phpBB/includes/ucp/ucp_prefs.php b/phpBB/includes/ucp/ucp_prefs.php index 13167b2b3d..0df8acd5af 100644 --- a/phpBB/includes/ucp/ucp_prefs.php +++ b/phpBB/includes/ucp/ucp_prefs.php @@ -61,7 +61,8 @@ class ucp_prefs if ($submit) { - $data['style'] = ($config['override_user_style']) ? $config['default_style'] : $data['style']; + $data['style'] = ($config['override_user_style']) ? $config['default_style'] : + (style_verify($data['style']) ? $data['style'] : ((int) $user->data['user_style'])); $error = validate_data($data, array( 'dateformat' => array('string', false, 1, 30), |
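Review bot: The fallback on the added line, `(int) $user->data['user_style']`, is never itself passed through style_verify(), so a user whose stored style has since been deactivated keeps that style on every submit; consider falling back to `$config['default_style']` when the stored value also fails the check. The rejected value is also swapped out silently before validate_data() runs, so a tampered form field produces no entry in $error and no feedback to the user; adding an error for the failed check would make the rejection visible. The commit message names the new helper styles_verify while the call here is style_verify(), and its definition is outside this file-limited diff, so please confirm the name matches and that the helper handles a non-numeric `$data['style']` safely. The nested ternary would also be easier to read as an if/else.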