[imc-sf-active] patch mailable.inc
Pseudo Punk
bart at indymedia.org
Fri Apr 21 13:19:06 PDT 2006
Hey,
mail.php doesn't seem to check if there's a valid id set. so you can
basically send blanco e-mails with the form.
to avoid add, use the patch attached.
i've patched stray & ahimsa.
Bart
-------------- next part --------------
8a9,12
> if(!is_numeric($_GET['id']) || !isset($_GET['id'])){
> header('Location: index.php');
> exit;
> }
46a51
> if(!is_numeric($article->article['id'])){ header('Location: index.php'); exit; }
171a177
> if(!is_numeric($article->article['id'])){ header('Location: index.php'); exit; }
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.indymedia.org/pipermail/imc-sf-active/attachments/20060421/a66dcb2b/attachment.pgp
More information about the imc-sf-active
mailing list