While working on today's hints, I noticed a problem with the user database -- basically, whenever one user changed their "remember me for how long" setting (in the Account Information screen), Geeklog would apply that setting to all users in the system! Whoops!
After some digging, I figured out what was going on. It wasn't a security hole of any sort, just a missing WHERE clause on a database call that would limit the update to just one user. I hadn't noticed the problem before because it only occurs when you're using a custom registration screen (as we're now doing with the captcha to shut down the comment spambots -- over 100 spam accounts were denied yesterday alone). Apparently this bug was fixed in the Geeklog CVS, but never in the release version.
I fixed the code, but if you have an account here, you should visit the above Account Information screen (the link above should work) and re-select your desired "remember me for how long" setting. Sorry for the inconvenience!
-rob.
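The missing-WHERE pattern described above, shown as an added example that is not Geeklog's code or part of the original post: an unscoped UPDATE beside the scoped one, plus a row-count guard that rolls back any per-user write touching more than one row. The table and column names, the sample rows, and the use of an in-memory SQLite database are assumptions made for illustration.

```python
import sqlite3

# Hypothetical statements; table and column names are not Geeklog's schema.
BUGGY_SQL = "UPDATE users SET cookietimeout = ?"                # no WHERE: hits every row
FIXED_SQL = "UPDATE users SET cookietimeout = ? WHERE uid = ?"  # scoped to one account

def make_db():
    """Build an in-memory database with three constructed sample users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (uid INTEGER PRIMARY KEY, username TEXT, cookietimeout INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", 3600), (2, "bob", 86400), (3, "carol", 604800)])
    db.commit()
    return db

def timeouts(db):
    """Return {username: cookietimeout} for every user."""
    return dict(db.execute("SELECT username, cookietimeout FROM users ORDER BY uid"))

def save_timeout_buggy(db, uid, seconds):
    """Bug pattern: uid is accepted but never used, so all users are rewritten."""
    cur = db.execute(BUGGY_SQL, (seconds,))
    db.commit()
    return cur.rowcount

def update_one_user(db, sql, params):
    """Run a per-user write; roll back if it touched more than one row."""
    cur = db.execute(sql, params)
    if cur.rowcount > 1:
        db.rollback()
        raise RuntimeError(f"per-user update touched {cur.rowcount} rows; rolled back")
    db.commit()
    return cur.rowcount

def save_timeout_fixed(db, uid, seconds):
    """Scoped update, parameterized and passed through the row-count guard."""
    return update_one_user(db, FIXED_SQL, (seconds, uid))

if __name__ == "__main__":
    db = make_db()
    print("buggy rows touched:", save_timeout_buggy(db, 2, 0), timeouts(db))
    db = make_db()
    print("fixed rows touched:", save_timeout_fixed(db, 2, 0), timeouts(db))
```

The guard tests for more than one row rather than exactly one because some databases report zero affected rows when the new value equals the stored one.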
Mac OS X Hints
http://hints.macworld.com/article.php?story=20061003084806436