Yeah. Looks like this bug is not in 4.5.3-4. I did not test it, but
looking at the source it does not look like this version would be
effected by this problem.
Hilko Bengen wrote:
notfound 336719 4.5.3-4
thank you
"Matthew A. Nicholson" <[EMAIL PROTECTED]> writes:
I don't use 4.5.3, I use 4.5.5. I can download 4.5.3 and compare the
source changes, but I don't use it and it's not an option for me to test
with it. Give me a few hours and i'll get back to you. :)
4.5.3-4 is the current version in stable and that has a higher
priority for me right now than the version in testing/unstable.
This change got introduced to session.inc after 4.5.3:
function sess_destroy($key) {
- db_query("DELETE FROM {sessions} WHERE sid = '$key'");
+ db_query("DELETE FROM {sessions} WHERE sid = '%d'", $key);
}
... and this is the last change that supposedly fixes the logout
problem.
function sess_destroy($key) {
- db_query("DELETE FROM {sessions} WHERE sid = '%d'", $key);
+ db_query("DELETE FROM {sessions} WHERE sid = '%s'", $key);
}
db_query uses sprintf to replace placeholder expressions if passed
more than one argument and it seems to me that using %s does the same
thing as PHP's string expansion as in 4.5.3.
I have removed version 4.5.3-4 from this bug. If you disagree, feel
free to add it again with a "found" statement to [EMAIL PROTECTED], with a
rationale.
Cheers,
-Hilko
--
Matthew A. Nicholson
Matt-Land.com
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
