bug 1138: Always take the intval of userid
authorMichael Tänzer <neo@nhng.de>
Mon, 24 Mar 2014 15:46:34 +0000 (16:46 +0100)
committerMichael Tänzer <neo@nhng.de>
Mon, 24 Mar 2014 15:46:34 +0000 (16:46 +0100)
Either check for $_REQUEST['userid']) !== "" or unconditionally convert
to integer. Checking for intavl() != "" gives a false impression of what's
happening.

Signed-off-by: Michael Tänzer <neo@nhng.de>
includes/account.php

index e8be37b..2747f3b 100644 (file)
@@ -2747,8 +2747,7 @@ function buildSubjectFromSession() {
 
        if($id == 44)
        {
-               if(intval($_REQUEST['userid']) != "")
-                       $_REQUEST['userid'] = intval($_REQUEST['userid']);
+               $_REQUEST['userid'] = intval($_REQUEST['userid']);
                $row = mysql_fetch_assoc(mysql_query("select * from `users` where `id`='".intval($_REQUEST['userid'])."'"));
                if($row['email'] == "")
                        $id = 42;