[imc-sf-active] patch mailable.inc

Pseudo Punk bart at indymedia.org
Fri Apr 21 13:19:06 PDT 2006


Hey,

mail.php doesn't seem to check if there's a valid id set. so you can
basically send blanco e-mails with the form.

to avoid add, use the patch attached.

i've patched stray & ahimsa.

Bart


-------------- next part --------------
8a9,12
>         if(!is_numeric($_GET['id']) || !isset($_GET['id'])){
>                 header('Location: index.php');
>                 exit;
>         }
46a51
>                         if(!is_numeric($article->article['id'])){ header('Location: index.php'); exit; }
171a177
>                         if(!is_numeric($article->article['id'])){ header('Location: index.php'); exit; }
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.indymedia.org/pipermail/imc-sf-active/attachments/20060421/a66dcb2b/attachment.pgp 


More information about the imc-sf-active mailing list