From: Matthew S. <yo....@gm...> - 2006-01-31 02:05:37
|
Hi All, A bug in the login code for Fez was allowing users to log in without checking the password. Obviously this is a major problem. The fez-1.1 release has been changed on sourceforge to fix this problem (the file is now called fez_1_1_beta2.tar.gz). The fix is trivial though so you can make the change yourself: Open the file include/class.auth.php and change the lines if (APP_TEST) { =09 to if (APP_TEST =3D=3D=3D true) { This line occurs in two places on lines 710 and 877. Regards Matthew Smith Systems Programmer University of Queensland Library |