[Fez-users] Nasty login bug and fix

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi All,

A bug in the login code for Fez was allowing users to log in without
checking the password.  Obviously this is a major problem.  The
fez-1.1 release has been changed on sourceforge to fix this problem
(the file is now called fez_1_1_beta2.tar.gz).

The fix is trivial though so you can make the change yourself:

Open the file include/class.auth.php and change the lines
   if (APP_TEST) {  =09
to
   if (APP_TEST =3D=3D=3D true) {

This line occurs in two places on lines 710 and 877.

Regards

Matthew Smith
Systems Programmer
University of Queensland Library