diff options
| author | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2007-06-12 07:19:17 +0000 |
|---|---|---|
| committer | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2007-06-12 07:19:17 +0000 |
| commit | 987213388ef8e1e00f30ca6c9107e69afc3cbc1f (patch) | |
| tree | 04ddbd370888985cdb678f334f9550057d0d1080 | |
| parent | cc9d13a9a29764ce30ecb67dbdec3cc431a95355 (diff) | |
| download | ampache-987213388ef8e1e00f30ca6c9107e69afc3cbc1f.tar.gz ampache-987213388ef8e1e00f30ca6c9107e69afc3cbc1f.tar.bz2 ampache-987213388ef8e1e00f30ca6c9107e69afc3cbc1f.zip | |
fixed a potential security issue where the password hash was being put into the object :S
| -rw-r--r-- | lib/class/user.class.php | 4 | ||||
| -rw-r--r-- | templates/show_recently_played.inc.php | 2 |
2 files changed, 4 insertions, 2 deletions
diff --git a/lib/class/user.class.php b/lib/class/user.class.php index 5b4b77b6..be0bfe31 100644 --- a/lib/class/user.class.php +++ b/lib/class/user.class.php @@ -55,9 +55,11 @@ class User { if (!count($info)) { return false; } foreach ($info as $key=>$value) { + // Let's not save the password in this object :S + if ($key == 'password') { continue; } + $this->$key = $value; } - $this->uid = $info->id; $this->set_preferences(); diff --git a/templates/show_recently_played.inc.php b/templates/show_recently_played.inc.php index 47c383a7..5b58afcc 100644 --- a/templates/show_recently_played.inc.php +++ b/templates/show_recently_played.inc.php @@ -63,7 +63,7 @@ $time_unit = array('',_('seconds ago'),_('minutes ago'),_('hours ago'),_('days a ?> <tr> <td> - <a href="<?php echo Config::get('web_path'); ?>/stats.php?action=user_stats&user_id=<?php echo scrub_out($row_user->id); ?>"> + <a href="<?php echo Config::get('web_path'); ?>/stats.php?action=show_user&user_id=<?php echo scrub_out($row_user->id); ?>"> <?php echo scrub_out($row_user->fullname); ?> </a> </td> |