From 0de026fc2b6910f3e894f8cfab94a9f2d5023dc8 Mon Sep 17 00:00:00 2001 From: Matt Pass Date: Sun, 24 Jun 2012 12:59:28 +0100 Subject: [PATCH] No longer passing through old password This is now picked up from config.php prior to any changes No need to pass through at all and removed as its a security risk --- lib/settings-screen.php | 1 - lib/settings.php | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/settings-screen.php b/lib/settings-screen.php index a26373a..2b2f162 100644 --- a/lib/settings-screen.php +++ b/lib/settings-screen.php @@ -90,7 +90,6 @@ new password 8 chars

confirm password

-
restricted files/folders

diff --git a/lib/settings.php b/lib/settings.php index 76123bd..b40c961 100644 --- a/lib/settings.php +++ b/lib/settings.php @@ -41,7 +41,7 @@ if (isset($_POST["theme"]) && $_POST["theme"] && $_SESSION['userLevel'] == 10) { if ($_POST['codeAssist']) {$codeAssist = "true";} else {$codeAssist = "false";}; if ($_POST['visibleTabs']) {$visibleTabs = "true";} else {$visibleTabs = "false";}; if ($_POST['lockedNav']) {$lockedNav = "true";} else {$lockedNav = "false";}; - if ($_POST['accountPassword']!="") {$accountPassword = generateHash(strClean($_POST['accountPassword']));} else {$accountPassword = strClean($_POST['oldPassword']);}; + if ($_POST['accountPassword']!="") {$accountPassword = generateHash(strClean($_POST['accountPassword']));}; $restrictedFiles = 'array("'.str_replace(', ','","',strClean($_POST['restrictedFiles'])).'")'; $bannedFiles = 'array("'.str_replace(', ','","',strClean($_POST['bannedFiles'])).'")'; $allowedIPs = 'array("'.str_replace(', ','","',strClean($_POST['allowedIPs'])).'")';