oqapi/webgui
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fixed security hole

Browse source
This commit is contained in:
Len Kranendonk 2003-07-01 09:46:59 +00:00
parent 713d94221f
commit abf903c1ba
1 changed files with 1 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
lib/WebGUI/User.pm
View file

@ -293,6 +293,7 @@ sub profileField {
$class = shift; $class = shift;
$fieldName = shift; $fieldName = shift;
$value = shift; $value = shift;
$value = WebGUI::Macro::negate($value); # Len Kranendonk - 20030701: fixed security hole
if (defined $value) { if (defined $value) {
$class->{_profile}{$fieldName} = $value; $class->{_profile}{$fieldName} = $value;
WebGUI::SQL->write("delete from userProfileData where userId=$class->{_userId} and fieldName=".quote($fieldName)); WebGUI::SQL->write("delete from userProfileData where userId=$class->{_userId} and fieldName=".quote($fieldName));