Changeset 2770:2a2989b67bfb

Timestamp:

11/07/14 14:51:05 (11 years ago)

Author:

franck <carnet.franck.paul@…>

Branch:

default

Message:

Prevents integer conversion of "post_id" array key, fixes #1970

File:

inc/public/lib.urlhandlers.php

-                      r2635
+                      r2770
                          # Check for match
+                         # Note: We must prefix post_id key with '#'' in pwd_cookie array in order to avoid integer conversion
+                         # because MyArray["12345"] is treated as MyArray[12345]
                          if ((!empty($_POST['password']) && $_POST['password'] == $post_password)
                          || (isset($pwd_cookie[$post_id]) && $pwd_cookie[$post_id] == $post_password))
+                         || (isset($pwd_cookie['#'.$post_id]) && $pwd_cookie['#'.$post_id] == $post_password))
+                         {
                               $pwd_cookie[$post_id] = $post_password;
+                              $pwd_cookie['#'.$post_id] = $post_password;
                               setcookie('dc_passwd',json_encode($pwd_cookie),0,'/');
+                         }

Note: See TracChangeset for help on using the changeset viewer.