clonos / control-pane

ClonOS WEB control panel (CBSD WEB UI)
https://clonos.tekroutine.com

Possible security problem #44

Open bozhinov opened 3 years ago

bozhinov commented 3 years ago

https://github.com/clonos/control-pane/blob/228e14b062c416bfc24dca1feaade6a9c0d397cb/public/index.php#L73

<script type="text/javascript"> _first_start=true; err_messages={add:function(arr){for(n in arr){err_messages[n]=arr[n];}}}; user_id='1';user_login='admin'; </script>

I can't find any reference to user_login anywhere else in the code. The question is whether user_id is being passed to some other script, like public\js\clonos.js, to be used for user deletion or other sensitive stuff?

I mean I can craft the page to make myself admin; admin is user_id = 1.

olevole commented 3 years ago

You're right. Apparently this is an artifact from the old code. I suppose it can be removed.
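For readers checking the concern raised in this issue, here is an added example (not ClonOS/CBSD code) of the server-side pattern that makes page-embedded values like user_id and user_login harmless: identity and role come only from the server session, and any user_id the browser sends is ignored. The function names session_user and delete_user_handler and the in-memory user table are hypothetical.

```php
<?php
// Added example, not part of the ClonOS/CBSD code base.
// Hypothetical names: session_user(), delete_user_handler().
declare(strict_types=1);

// Constructed stand-in for the application's user store; the real app would
// consult its database or backend. 1 is the admin, as noted in the issue.
$users = [
    1 => ['login' => 'admin', 'role' => 'admin'],
    2 => ['login' => 'alice', 'role' => 'user'],
];

// The only trustworthy source of identity is the server-side session created
// at login. Anything the browser sends (form fields, JSON, or globals such as
// user_id/user_login embedded in the page) is client-controlled.
function session_user(array $session): ?int
{
    return isset($session['user_id']) ? (int) $session['user_id'] : null;
}

// Returns an HTTP-style status code so the decision is easy to inspect.
function delete_user_handler(array $session, array $request, array &$users): int
{
    $actor = session_user($session);
    if ($actor === null || !isset($users[$actor])) {
        return 401;                       // not authenticated
    }
    // Authorize on the server-side role, never on a client-supplied user_id.
    if ($users[$actor]['role'] !== 'admin') {
        return 403;
    }
    $target = filter_var($request['target_id'] ?? null, FILTER_VALIDATE_INT);
    if ($target === false || !isset($users[$target])) {
        return 404;
    }
    if ($target === $actor) {
        return 409;                       // refuse to delete own account
    }
    unset($users[$target]);
    return 200;
}

// Constructed requests: the second carries a forged user_id in the request
// body, which has no effect because identity is taken from $session only.
$session = ['user_id' => 2];
echo delete_user_handler($session, ['target_id' => 1], $users), "\n";
echo delete_user_handler($session, ['target_id' => 1, 'user_id' => 1], $users), "\n";
echo delete_user_handler(['user_id' => 1], ['target_id' => 2], $users), "\n";
```

The useful check against the real code is the same: confirm that every sensitive handler derives the acting user from the session and that no request parameter or page-embedded variable can substitute for it.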