12-20-2014 11:18 AM
|
|
Administrator, Lead Coder
|
|
SYSTEM User glitch
Bug with user possibly registering with username as 'SYSTEM'
Lately Kyttias was asking me a question on what would happen to pouned adoptables if a malicious user registers with the username 'SYSTEM'. I tested it on my demo site and the result was not pleasant, the user would take over all owned adoptables as his/her own, although the pound center still work normally so this user is always in danger of losing his/her adoptables to others.
A fix can be done by adding these lines below line 31 in file classes/class_registervalidator.php
PHP Code:
if($username == "SYSTEM"){ $this->seterror("Cannot use SYSTEM as username."); return FALSE; }
If you have never modified this file, download the attachment will solve the problem for you quickly and easily.
|
|
Issue Details
|
Category Unknown
Status Fixed
Priority 3
Affected Version Mys v1.3.4
Fixed Version Mys v1.4.0
Users able to reproduce bug
0
Users unable to reproduce bug
0
Assigned Users
Hall of Famer
Tags
(none)
|
|
12-20-2014 11:18 AM
|
Issue Changed by Hall of Famer
|
- Attachment class_registervalidator.php uploaded
|
All times are GMT -5. The time now is 12:43 AM.
Currently Active Users: 842 (0 members and 842 guests)
Threads: 4,080, Posts: 32,024, Members: 2,016
Welcome to our newest members,
jolob.