From 67a13f74ce1b51732a9b3f759ca956bd762b0c0b Mon Sep 17 00:00:00 2001 From: mensonge Date: Fri, 14 Nov 2008 11:37:12 +0000 Subject: Bug fix: protect parameters changes in profile.php (checking current user corresponding to profile page) git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@156 b3834d28-1941-0410-a4f8-b48e95affb8f --- profile.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'profile.php') diff --git a/profile.php b/profile.php index d834144..fe86daa 100644 --- a/profile.php +++ b/profile.php @@ -65,7 +65,7 @@ $tplVars['subtitle'] = $title; $tplVars['user'] = $user; $tplVars['userid'] = $userid; -if (isset($_POST['submitted'])) { +if (isset($_POST['submitted']) && $currentUserID == $userid) { $error = false; $detPass = trim($_POST['pPass']); $detPassConf = trim($_POST['pPassConf']); -- cgit v1.2.3