ticket 1217: when creating new accounts, select max(uid)+1, not first uid available (otherwise some new accounts may get access to non-deleted info from old deleted accounts). Patch by Patrick @ Koumbit.

2010-01-15 01:40:24 +00:00 · 2010-01-15 01:40:24 +00:00 · bc0e7cdfcc
parent 02eb088ae2
commit bc0e7cdfcc
1 changed files with 1 additions and 1 deletions
--- a/bureau/class/m_admin.php
+++ b/bureau/class/m_admin.php
@ -341,7 +341,7 @@ class m_admin {
    $db->query("SELECT count(*) AS cnt FROM membres WHERE login='$login';");
    $db->next_record();
    if (!$db->f("cnt")) {
-      $db->query("SELECT m.uid+1 as nextid FROM membres m LEFT JOIN membres n ON m.uid=n.uid-1 WHERE n.uid IS NULL ORDER BY 1 LIMIT 0,1");
+      $db->query("SELECT max(m.uid)+1 as nextid FROM membres m");
      if (!$db->next_record()) {
 	$uid=2000;
      } else {