From efe894174daea27745c2db57279972174f3f387a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20T=C3=A4nzer?= Date: Sun, 23 Oct 2011 02:21:00 +0200 Subject: bug 894: Limiting the points is still critical as the points are also used for authorization (e.g. maxpoints() relies on the value of sum(`points`) to calculate the points an assurer may issue) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michael Tänzer --- www/wot.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/www/wot.php b/www/wot.php index eef8b38..61fbc1b 100644 --- a/www/wot.php +++ b/www/wot.php @@ -252,14 +252,13 @@ $iecho= "c"; $_POST['expire'] = 0; -/* should not be necessary when 15.php is being used if(($drow['total'] + $newpoints) > 100 && $max < 100) $newpoints = 100 - $drow['total']; if(($drow['total'] + $newpoints) > $max && $max >= 100) $newpoints = $max - $drow['total']; if($newpoints < 0) $newpoints = 0; -*/ + if(mysql_escape_string(stripslashes($_POST['date'])) == "") $_POST['date'] = date("Y-m-d H:i:s"); -- cgit v1.2.1