2010-01-08, 11:41:47
NY: I am curious as to why this is a security hole? All it does is takes the $_GET['id'] variable and looks for a file with the same slug. If it doesn't get an ID, it goes to the homepage, and if it gets an ID that doesn't exist it throws up a 404.
To me this doesn't sound like a security hole at all.
Also, in your first post I agree with Zegnat that i like the username check the way it is. As for the cookie function, this function is changed around in version 2.0, and wont be used quite like that anymore.
To me this doesn't sound like a security hole at all.
Also, in your first post I agree with Zegnat that i like the username check the way it is. As for the cookie function, this function is changed around in version 2.0, and wont be used quite like that anymore.