security issue

This commit is contained in:
Mike Macgirvin 2010-10-29 22:18:05 -07:00
parent 7ae75101f1
commit 30fe8e39d6

View File

@ -2,7 +2,6 @@
if(! function_exists('profile_load')) { if(! function_exists('profile_load')) {
function profile_load(&$a, $username, $profile = 0) { function profile_load(&$a, $username, $profile = 0) {
if(remote_user()) { if(remote_user()) {
$r = q("SELECT `profile-id` FROM `contact` WHERE `id` = %d LIMIT 1", $r = q("SELECT `profile-id` FROM `contact` WHERE `id` = %d LIMIT 1",
intval($_SESSION['visitor_id'])); intval($_SESSION['visitor_id']));
@ -193,7 +192,7 @@ function profile_content(&$a, $update = 0) {
// Profile owner - everything is visible // Profile owner - everything is visible
if(is_owner) { if($is_owner) {
$sql_extra = ''; $sql_extra = '';
// Oh - while we're here... reset the Unseen messages // Oh - while we're here... reset the Unseen messages