mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-31 14:00:31 +02:00
Code Issues Releases Wiki Activity

[ticket/10561] All users can choose deactivated styles (fixed).

Browse Source 
A form exploit enabled the users to select a deactivated
style. Fixed with extra check on submit, with a new function
styles_verify to check if the selected style is activated or not.

PHPBB3-10561
This commit is contained in:
Hari Sankar R
2012-04-03 22:15:59 +05:30
parent 3477b5e5a8
commit 084e1ae560
2 changed files with 20 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
phpBB/includes/ucp/ucp_prefs.php
View File

@@ -61,7 +61,8 @@ class ucp_prefs
if ($submit)
{
$data['style'] = ($config['override_user_style']) ? $config['default_style'] : $data['style'];
$data['style'] = ($config['override_user_style']) ? $config['default_style'] :
(style_verify($data['style']) ? $data['style'] : ((int) $user->data['user_style']));
$error = validate_data($data, array(
'dateformat' => array('string', false, 1, 30),