summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Tänzer <neo@nhng.de>2014-03-24 16:46:34 +0100
committerMichael Tänzer <neo@nhng.de>2014-03-24 16:46:34 +0100
commitf6cecf7628e2db1d201615f2a0be87a077c6780f (patch)
tree2bbe435e17c178a3fd42647d15bcf9565339841c
parentef07f2ee6b4c3350f5b7b906eb95a3fd9aae1b77 (diff)
downloadcacert-devel-f6cecf7628e2db1d201615f2a0be87a077c6780f.tar.gz
cacert-devel-f6cecf7628e2db1d201615f2a0be87a077c6780f.tar.xz
cacert-devel-f6cecf7628e2db1d201615f2a0be87a077c6780f.zip
bug 1138: Always take the intval of userid
Either check for $_REQUEST['userid']) !== "" or unconditionally convert to integer. Checking for intavl() != "" gives a false impression of what's happening. Signed-off-by: Michael Tänzer <neo@nhng.de>
-rw-r--r--includes/account.php3
1 files changed, 1 insertions, 2 deletions
diff --git a/includes/account.php b/includes/account.php
index e8be37b..2747f3b 100644
--- a/includes/account.php
+++ b/includes/account.php
@@ -2747,8 +2747,7 @@ function buildSubjectFromSession() {
if($id == 44)
{
- if(intval($_REQUEST['userid']) != "")
- $_REQUEST['userid'] = intval($_REQUEST['userid']);
+ $_REQUEST['userid'] = intval($_REQUEST['userid']);
$row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
if($row['email'] == "")
$id = 42;