  1. phpBB3
  2. PHPBB3-10790

Strict comparison on user_id for sending pms

    Details

    • Type: Bug
    • Status: Unverified Fix
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 3.0.10
    • Fix Version/s: 3.0.11-RC1
    • Component/s: Other
    • Labels:
      None

      Description

      For example, includes/functions_privmsgs.php

      				// Additionally, do not include the sender if he is in the group he wants to send to. ;)
      				if ($row['user_id'] === $user->data['user_id'])
      				{
      					continue;
      				}

      This code compares two strings to be exactly the same. If there is a MOD that casts the global user_id to int (which I think is a security addition), the comparison will fail.
      (In this case it also sends group PMs to the sender.)
      The code should either check == only, or both values should be cast to int.
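
The type mismatch described in this report, as an added example that is not phpBB code and not part of the original report: it runs the reported strict check and the int-cast option side by side over the same rows. The function name `group_pm_recipients`, its parameters and the sample rows are hypothetical.

```php
<?php
// Added example; names are hypothetical, not taken from phpBB.

/**
 * Collect group PM recipients, skipping the sender.
 * $strict = true reproduces the reported comparison,
 * $strict = false casts both sides to int before comparing.
 */
function group_pm_recipients(array $rows, $sender_id, bool $strict): array
{
    $recipients = [];
    foreach ($rows as $row) {
        if ($strict) {
            // Reported check: === compares type as well as value.
            $is_sender = ($row['user_id'] === $sender_id);
        } else {
            // One of the two options the report suggests: cast both to int.
            $is_sender = ((int) $row['user_id'] === (int) $sender_id);
        }
        if ($is_sender) {
            continue; // do not send the PM back to the sender
        }
        $recipients[] = (int) $row['user_id'];
    }
    return $recipients;
}

// Constructed sample rows; ids are strings, as the report describes.
$rows = [['user_id' => '2'], ['user_id' => '5'], ['user_id' => '7']];

// Case 1: unmodified board, sender id is also a string.
var_dump(group_pm_recipients($rows, '5', true));

// Case 2: a MOD has cast the sender id to int, strict check still in place.
var_dump(group_pm_recipients($rows, 5, true));

// Case 3: same int sender id, both sides cast to int before comparing.
var_dump(group_pm_recipients($rows, 5, false));
```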

              People

              • Assignee:
                bantu Andreas Fischer
                Reporter:
                nickvergessen Joas Schilling