| Infernette |
09-03-2014 06:56 PM |
Major bug in 1.3.3 don't know if it carries over
So anyone can read messages sent to people in 1.3.3 due to the fact that they rotate by ID and the id's aren't random strings. (Can we please get a viable codegen that doesn't dupe codes plz plz plz plz plz) If you're using 1.3.3. add this after the if($mysidia->user->group ect ect) end } and it should work dandy. It's best though to look for a codegen and have the id's a string of 20 characters(don't use the default gen that is on the site as it can produce a duplicate entry. I do not know if the system was upgraded in 1.3.4 so this could be a big issue in that gen. I only found it cause I'm reworking everything but the basic $mysidia base on a test base. For science.
PHP Code:
if($this->action == "read"){
$pageURL = 'http';
if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
$pageURL .= "://";
if ($_SERVER["SERVER_PORT"] != "80") {
$pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
} else {
$pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
}//this here
$parts = Explode('/', $pageURL);
$the = $parts[count($parts) - 1];
$message = $mysidia->db->select("messages", array(), "id='{$the}'")->fetchObject();
if($message->touser != $mysidia->user->username)throw new NoPermissionException("This isn't your message.");
}
ALSO I'm looking for someone who can point me to a REALLY BASIC site framework or tutorial, one that has things like calling the db through a $var(like on here) a theme, and *maybe* a few basic pages(i.e. Index). If anyone knows a good basic barebones tutorial it'd be sweet. :) |
