Hi Iuri,
Why does ad_proc [ec_get_user_session_id] returns "0" instead of just 0?
Looking at the code for ec_get_user_session_id, if the expression matches with:
user_session_id="0"
Then, $user_session_id will return "0" including quotes.
Changing the regular expression to something like this should remove those:
{user_session_id=[\"]?([^;\"]+)}
..but I am sure there is a better way of doing this.
oacs-5-9 has passed a bunch of security tests, so consider looking at sec_login_read_cookie and friends.
cheers,
Ben
