Changeset:
2e745e6cdcc9
https://sourceforge.net/p/mrbs/hg-code/ci/2e745e6cdcc986ccdbf6d246793252d9c1bc1fa7
Author:
John Beranek <[email protected]>
Date:
Sat Mar 18 09:05:57 2017 +0000
Log message:
Disallow password changes from edit_users.php via GET.
diffstat:
web/edit_users.php | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diffs (14 lines):
diff -r 83560c204a88 -r 2e745e6cdcc9 web/edit_users.php
--- a/web/edit_users.php Fri Mar 17 10:14:34 2017 +0000
+++ b/web/edit_users.php Sat Mar 18 09:05:57 2017 +0000
@@ -40,8 +40,8 @@
// Get non-standard form variables
$Action = get_form_var('Action', 'string');
$Id = get_form_var('Id', 'int');
-$password0 = get_form_var('password0', 'string');
-$password1 = get_form_var('password1', 'string');
+$password0 = get_form_var('password0', 'string', null, INPUT_POST);
+$password1 = get_form_var('password1', 'string', null, INPUT_POST);
$invalid_email = get_form_var('invalid_email', 'int');
$name_empty = get_form_var('name_empty', 'int');
$name_not_unique = get_form_var('name_not_unique', 'int');
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Mrbs-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mrbs-commits
