From: Matthew S. <yo....@gm...> - 2006-01-31 02:05:37

Hi All,

A bug in the login code for Fez was allowing users to log in without checking the password. Obviously this is a major problem. The fez-1.1 release has been changed on sourceforge to fix this problem (the file is now called fez_1_1_beta2.tar.gz).

The fix is trivial though so you can make the change yourself:

Open the file include/class.auth.php and change the lines
    if (APP_TEST) {
to
    if (APP_TEST === true) {

This line occurs in two places on lines 710 and 877.

Regards

Matthew Smith
Systems Programmer
University of Queensland Library

From: Matthew S. <yo....@gm...> - 2006-01-31 02:16:05

Sorry, that fix was not right - there should be quotes around the 'true' so it reads:
    if (APP_TEST) {
to
    if (APP_TEST === "true") {

On 1/31/06, Matthew Smith <yo....@gm...> wrote:
> Hi All,
>
> A bug in the login code for Fez was allowing users to log in without
> checking the password. Obviously this is a major problem. The
> fez-1.1 release has been changed on sourceforge to fix this problem
> (the file is now called fez_1_1_beta2.tar.gz).
>
> The fix is trivial though so you can make the change yourself:
>
> Open the file include/class.auth.php and change the lines
> if (APP_TEST) {
> to
> if (APP_TEST === true) {
>
> This line occurs in two places on lines 710 and 877.
>
> Regards
>
> Matthew Smith
> Systems Programmer
> University of Queensland Library
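
The three forms of the check discussed in the two messages above, compared side by side as an added example (not code from Fez or from the messages). It assumes APP_TEST is a configuration constant that may hold a string; the page does not show how Fez defines it, and the function names and sample values below are constructed.

```php
<?php
// Added illustration, not Fez code. Sample values are constructed stand-ins
// for what a config constant such as APP_TEST might hold (assumption).

/** Original check: `if (APP_TEST)` is plain PHP truthiness. */
function check_loose($appTest): bool
{
    return (bool) $appTest;
}

/** First proposed change: strict comparison with boolean true. */
function check_strict_bool($appTest): bool
{
    return $appTest === true;
}

/** Corrected change: strict comparison with the string "true". */
function check_strict_string($appTest): bool
{
    return $appTest === "true";
}

// Constructed inputs: string settings first, then real booleans.
$samples = ["true", "false", "0", "", true, false];

printf("%-10s %-10s %-10s %-10s\n", 'value', 'loose', '=== true', '=== "true"');
foreach ($samples as $value) {
    printf(
        "%-10s %-10s %-10s %-10s\n",
        var_export($value, true),
        var_export(check_loose($value), true),
        var_export(check_strict_bool($value), true),
        var_export(check_strict_string($value), true)
    );
}

// The security-relevant row: a string setting of "false" is a non-empty
// string, so the loose check treats it as enabled.
if (check_loose("false") && !check_strict_string("false")) {
    echo "loose check enters the test branch for the string \"false\"\n";
}
```

When auditing a patched install, both occurrences of the check in include/class.auth.php should use the same strict comparison, and the comparison type has to match the type the constant is defined with.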