phpBB privmsg.php Cross-Site Request Forgery and Cross-Site Scripting
Quick fix (privmsg.php):
PHP code:
if (!($to_userdata = $db->sql_fetchrow($result)))
{
    $error = TRUE;
    $error_msg = $lang['No_such_user'];
Replace with:
PHP code:
if (!($to_userdata = $db->sql_fetchrow($result)))
{
    $error = TRUE;
    echo "Sorry, but no such user exists.";
    exit;