|· the Nedi Board · Portal||Help Search Members Calendar|
|Welcome Guest ( Log In | Register )||Resend Validation Email|
|Welcome to Obsolete! Nedi Forum. We hope you enjoy your visit.|
You're currently viewing our forum as a guest. This means you are limited to certain areas of the board and there are some features you can't use. If you join our community, you'll be able to access member-only sections, and use many member-only features such as customizing your profile, sending personal messages, and voting in polls. Registration is simple, fast, and completely free.
Join our community!
If you're already a member please log in to your account to access all of our features:
Posted: Oct 12 2007, 10:01 AM
Member No.: 678
Joined: 25-September 07
i guess there is a missing check in User-Accounts.php while deleting a user. Normally the GET variable "del" has the value of the user that should be deleted. If this variable is empty ALL users get deleted without further notification. A manager of my nedi setup unintentionally sent the string "User-Accounts.php?grp=&ord=&del=" to the server and removed all user Accounts.
Is this the desired behaviour or should there be a check like "isset(del)" to avoid an accidental removal of all users?
Posted: Oct 12 2007, 12:44 PM
Member No.: 3
Joined: 3-May 05
Never tried that...Good catch Will be fixed in next release.