diff options
| author | Michael Tänzer <neo@nhng.de> | 2011-10-23 02:21:00 +0200 |
|---|---|---|
| committer | Michael Tänzer <neo@nhng.de> | 2011-10-23 02:21:00 +0200 |
| commit | efe894174daea27745c2db57279972174f3f387a (patch) | |
| tree | dbc04ec5ff3ceae281a49f2dc6fb19bfef9d6917 | |
| parent | 5c12fb422ce9a446f9ccef4eba5070d9a33739a9 (diff) | |
| download | cacert-devel-efe894174daea27745c2db57279972174f3f387a.tar.gz cacert-devel-efe894174daea27745c2db57279972174f3f387a.tar.xz cacert-devel-efe894174daea27745c2db57279972174f3f387a.zip | |
bug 894: Limiting the points is still critical as the points are also used
for authorization (e.g. maxpoints() relies on the value of sum(`points`) to
calculate the points an assurer may issue)
Signed-off-by: Michael Tänzer <neo@nhng.de>
| -rw-r--r-- | www/wot.php | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/www/wot.php b/www/wot.php index eef8b38..61fbc1b 100644 --- a/www/wot.php +++ b/www/wot.php @@ -252,14 +252,13 @@ $iecho= "c"; $_POST['expire'] = 0; -/* should not be necessary when 15.php is being used if(($drow['total'] + $newpoints) > 100 && $max < 100) $newpoints = 100 - $drow['total']; if(($drow['total'] + $newpoints) > $max && $max >= 100) $newpoints = $max - $drow['total']; if($newpoints < 0) $newpoints = 0; -*/ + if(mysql_escape_string(stripslashes($_POST['date'])) == "") $_POST['date'] = date("Y-m-d H:i:s"); |