Thread: [phpesp-dev] is this line wrong?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi,

in public/handler.php I read

    // show results instead of show survey
    // but do not allow getting results from URL or FORM
    if(isset($results) && $results) {
        // small security issue here, anyone could pick a QID to=20
crossanalyze
        survey_results($sid,$precision,$totals,$qid,$cids);
        return;
    }

... isn't a echo missing there right before survey_results? like

    // show results instead of show survey
    // but do not allow getting results from URL or FORM
    if(isset($results) && $results) {
        // small security issue here, anyone could pick a QID to=20
crossanalyze
        echo survey_results($sid,$precision,$totals,$qid,$cids);
        return;
    }

Thanks for your help and of course for phpESP

--=20
mit freundlichen Gr=FC=DFen
Jochen St=E4rk

www.usegroup.de			(home office)
Albigerstr. 22			Am Wald 3
55232 Alzey			55270 Ober-Olm

Tel: (06731)997997-5		(06131)584278-0
Fax: (06731)997997-6		(06131)584278-1
Mobil: (0177)4512645

Thread: [phpesp-dev] is this line wrong?

phpesp-devel