From 67a13f74ce1b51732a9b3f759ca956bd762b0c0b Mon Sep 17 00:00:00 2001
From: mensonge <mensonge@b3834d28-1941-0410-a4f8-b48e95affb8f>
Date: Fri, 14 Nov 2008 11:37:12 +0000
Subject: Bug fix: protect parameters changes in profile.php (checking current
 user corresponding to profile page)

git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@156 b3834d28-1941-0410-a4f8-b48e95affb8f
---
 profile.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'profile.php')

diff --git a/profile.php b/profile.php
index d834144..fe86daa 100644
--- a/profile.php
+++ b/profile.php
@@ -65,7 +65,7 @@ $tplVars['subtitle'] = $title;
 $tplVars['user'] = $user;
 $tplVars['userid'] = $userid;
 
-if (isset($_POST['submitted'])) {
+if (isset($_POST['submitted']) && $currentUserID == $userid) {
     $error = false;
     $detPass = trim($_POST['pPass']);
     $detPassConf = trim($_POST['pPassConf']);
-- 
cgit v1.2.3