Fixed XSS

17 years ago · 8eb2a6102d
parent a9b6275584
commit 8eb2a6102d
1 changed files with 1 additions and 1 deletions
--- a/pages/account/51.php
+++ b/pages/account/51.php
@ -18,7 +18,7 @@
 	$query = "select * from `tverify` where `id`='$uid' and `modified`=0";
 	$res = mysql_query($query);
 	if(mysql_num_rows($res) > 0) { ?>
-<img src="account.php?id=51&photoid=<?=$_GET['photoid']?>&img=show" border="0" width="800">
+<img src="account.php?id=51&photoid=<?=$uid ?>&img=show" border="0" width="800">
 <? } else {
        $query = "select * from `tverify` where `id`='$uid' and `modified`=1";
        $res = mysql_query($query);