summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
093b58d)
Confidential data was not secure from people who acquired these urls.
<?php
$body = ob_get_clean();
<?php
$body = ob_get_clean();
-if ($username = @$_REQUEST['login']) {
+if ($User->admin('user') and $username = @$_REQUEST['login']) {
try {
$user = new User("profile/$username");
}
try {
$user = new User("profile/$username");
}