
Possible security problem #44

@bozhinov

<?php if(isset($user_info_txt)) echo $user_info_txt; ?>

<script type="text/javascript"> _first_start=true; err_messages={add:function(arr){for(n in arr){err_messages[n]=arr[n];}}}; user_id='1';user_login='admin'; </script>

I can't find any reference to user_login anywhere else in the code.
Question is if user_id is being passed to some other script like public\js\clonos.js
to be used for user deletion or other sensitive stuff?

I mean I can craft the page to make myself admin. Admin is user_id = 1.
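
The concern above only becomes a vulnerability if some server endpoint takes the acting user's id from the request instead of from the session. As an added illustration (not ClonOS code and not part of the original issue; every function name, session key and request field here is hypothetical, and the data is constructed), this PHP contrasts a handler that trusts a client-supplied user_id with one that authorizes from server-side session state only:

```php
<?php
// Added example: hypothetical handlers and constructed data, not ClonOS code.

// Constructed server-side state: session id -> authenticated identity.
$sessions = [
    'sess-admin' => ['user_id' => 1, 'is_admin' => true],
    'sess-bob'   => ['user_id' => 7, 'is_admin' => false],
];

// Unsafe pattern: the actor is whatever the browser posted, so editing the
// page's user_id variable changes who the server believes is calling.
function deleteUserTrustingClient(array $post): string
{
    $actor = (int)($post['user_id'] ?? 0);
    if ($actor !== 1) {
        return 'denied';
    }
    return 'deleted ' . (int)($post['target_id'] ?? 0);
}

// Safe pattern: the actor comes only from the server-side session; a user_id
// field in the request body plays no part in the authorization decision.
function deleteUserFromSession(array $sessions, string $sid, array $post): string
{
    $actor = $sessions[$sid] ?? null;
    if ($actor === null) {
        return 'denied: no session';
    }
    if (!$actor['is_admin']) {
        return 'denied: not admin';
    }
    return 'deleted ' . (int)($post['target_id'] ?? 0);
}

// Constructed request: sent under a non-admin session, body edited to user_id=1.
$forged = ['user_id' => '1', 'target_id' => '5'];

echo deleteUserTrustingClient($forged), "\n";
echo deleteUserFromSession($sessions, 'sess-bob', $forged), "\n";
echo deleteUserFromSession($sessions, 'sess-admin', ['target_id' => '5']), "\n";
```

When auditing, the check is the same for every endpoint the client script calls: the identity used for authorization must be read from the session, never from a request parameter.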
