From: garvinhicking <garvinhicking>
Date: Mon, 14 Apr 2008 05:26:26 +0000 (+0000)
Subject: This Patch is EVIL and has SEVERLY security impacts, can lead to people easily puttin... 
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=d9cc0ad519ab07b86fb78fab3c1623528fcce52c;p=s9y.git

This Patch is EVIL and has SEVERLY security impacts, can lead to people easily putting XSS on your page or changing the config of your blog without requiring a login
Uncommented.
---

diff --git a/templates/bulletproof/config.inc.php b/templates/bulletproof/config.inc.php
index 1e00940..8b82e02 100644
--- a/templates/bulletproof/config.inc.php
+++ b/templates/bulletproof/config.inc.php
@@ -268,11 +268,11 @@ $template_config = array(
     )
 );
 
-if (isset($_POST['serendipity']['template'])) {
-    $template_loaded_config =$_POST['serendipity']['template'];
-} else {
+#if (isset($_POST['serendipity']['template'])) {
+#    $template_loaded_config =$_POST['serendipity']['template'];
+#} else {
     $template_loaded_config = serendipity_loadThemeOptions($template_config, $serendipity['smarty_vars']['template_option']);
-}
+#}
 
 $navlinks = array();