In post_message.asp I see the line:
If strMode = "editTopic" OR strMode = "edit" AND (blnAdmin = false AND blnModerator = false) Then
I was never too good at understanding the differences between how VBScript processes ANDs and ORs without the brackets, so I made a change in my version to make it this:
If (strMode = "editTopic" OR strMode = "edit") AND (blnAdmin = false OR blnModerator = false) Then
(I also changed the AND to an OR to test for a moderator or admin.)
I didn't change the line of code Mandrakes mentioned.
I'm just wondering if my code is now vulnerable to attack - I've tested from the point of view of an admin and a normal member and it seems to be OK.
I am using the following logic:
If message is to be edited and I am NOT an admin or moderator then test to see if I actually posted the message.
Can anyone confirm if my logic is correct and if it will break anything?
Thanks
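
An added example, not part of the original post or of the forum software: a VBScript truth table that evaluates the two conditions quoted above next to the stated intent ("editing and NOT an admin or moderator") for every mode and role combination. It assumes, as the post describes, that the body of the If is the "did I post this message" ownership check; the function names, the PadRight helper and the "new" mode are hypothetical.

```vbscript
' Added example: truth table for the edit-permission condition.
' Run with: cscript //nologo precedence.vbs
Option Explicit

' As quoted from post_message.asp. VBScript evaluates And before Or, so this is
'   editTopic Or (edit And (admin = False And moderator = False))
Function OriginalCheck(strMode, blnAdmin, blnModerator)
    OriginalCheck = (strMode = "editTopic" Or strMode = "edit" And (blnAdmin = False And blnModerator = False))
End Function

' The poster's bracketed version, with Or inside the second group.
Function PostedCheck(strMode, blnAdmin, blnModerator)
    PostedCheck = ((strMode = "editTopic" Or strMode = "edit") And (blnAdmin = False Or blnModerator = False))
End Function

' The stated intent written literally: editing And Not (admin Or moderator).
Function IntentCheck(strMode, blnAdmin, blnModerator)
    IntentCheck = ((strMode = "editTopic" Or strMode = "edit") And Not (blnAdmin Or blnModerator))
End Function

' Left-justify a value in a fixed-width column (hypothetical helper).
Function PadRight(s, width)
    PadRight = s & Space(width - Len(s))
End Function

Dim modes, flags, m, a, d
modes = Array("editTopic", "edit", "new")   ' "new" is a constructed non-edit mode
flags = Array(False, True)

' A True in a column means the ownership check would run for that row.
WScript.Echo "mode       admin  modr   original  posted  intent"
For Each m In modes
    For Each a In flags
        For Each d In flags
            WScript.Echo PadRight(m, 11) & PadRight(CStr(a), 7) & PadRight(CStr(d), 7) & _
                PadRight(CStr(OriginalCheck(m, a, d)), 10) & _
                PadRight(CStr(PostedCheck(m, a, d)), 8) & _
                CStr(IntentCheck(m, a, d))
        Next
    Next
Next
```

Rows where the three result columns disagree are the mode and role combinations worth retesting by hand, including an account that is an admin but not a moderator and one that is a moderator but not an admin.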
