SID Validation skipped due to incorrect $_POST variable key

Question

SID Validation skipped due to incorrect $_POST variable key

Closed this issue 4 years ago · 1 comments

xyztextbooks commented 4 years ago

In admin/actions.php, code related to SID validation when a user record is updated includes:

$stm->execute(array(':SID'=>$_POST['adminname']));

But the key "adminname" is undefined (in fact, the string "adminname" appears nowhere else in the iMathAS code).

One would expect this line to be:

$stm->execute(array(':SID'=>$_POST['SID']));

With the revised line, the code will display "Username in use - left unchanged" message.

In its current state, no message is displayed if a SID is in use, and the form will silently fail to update the SID (due to the databases enforcement of unique SID constrain).

Answer 1 · 2020-09-15T00:21:22.000Z

Whoops, thanks.