1)In
my.php the "Cansel Changes" button dosen't work.
2)Security risk (SQL-injection) found by
Yuna.
In
rss.php found:
Code:
$user = mysql_fetch_row(sql_query("SELECT COUNT(*) FROM users WHERE passkey = '$passkey'"));
Change to:
Code:
$user = mysql_fetch_row(sql_query("SELECT COUNT(*) FROM users WHERE passkey = ".sqlesc($passkey)));
3)The "no avatar" image is not the same everywhere.Its different in Home page and different in torrent comments.First is located @ CURRENT_THEME/images/default_avatar.gif and the second one is located @ /pic/default_avatar.gif