missing user id deletes all users
| · the Nedi Board · Portal |
 Help
 Search
 Members
 Calendar
|
| Welcome Guest ( Log In | Register ) | Resend Validation Email |
| Welcome to Obsolete! Nedi Forum. We hope you enjoy your visit. You're currently viewing our forum as a guest. This means you are limited to certain areas of the board and there are some features you can't use. If you join our community, you'll be able to access member-only sections, and use many member-only features such as customizing your profile, sending personal messages, and voting in polls. Registration is simple, fast, and completely free. Join our community! If you're already a member please log in to your account to access all of our features: |
   |
missing user id deletes all users| dbernhardt |
Posted: Oct 12 2007, 10:01 AM
|
|
Junior Member  Group: Members Posts: 3 Member No.: 678 Joined: 25-September 07  |
Hi all,
i guess there is a missing check in User-Accounts.php while deleting a user. Normally the GET variable "del" has the value of the user that should be deleted. If this variable is empty ALL users get deleted without further notification. A manager of my nedi setup unintentionally sent the string "User-Accounts.php?grp=&ord=&del=" to the server and removed all user Accounts. Is this the desired behaviour or should there be a check like "isset(del)" to avoid an accidental removal of all users? Daniel |
 
|
| rickli |
Posted: Oct 12 2007, 12:44 PM
|
|
Remo Group: Admin Posts: 735 Member No.: 3 Joined: 3-May 05 |
Never tried that...Good catch
 Will be fixed in next release. |
 
|
 |
|
