EDIT: I made the changes and made it available here: [-link-]
Good stuff - It would be good if others could contact plugin developers to get the security holes closed, it's a shame to see good plugins being abandoned, when it can literally be a simple task of informing the developer of the exploit used so it can be closed.
First I replaced the old version folder with the new version, and the map doesn't load anymore, so then I decided to apply this fix manually to mapmejs.php, but I have the same problem, the map doesn't load up on users profiles with this change in place.
Cause when you do both you'll 'over do' it. I'll try to explain it as clear as I can.
Start by looking at the second method.
$uid = $_GET['u']; to $uid = intval($_GET['u']); activates an inbuilt protection from e107 It makes sure the input (the GET variable) is not malicious and it prepares it for safe usage. It takes the GET variable, it checks its validity, and it stores the safe value in the $uid variable. Once done, the $uid variable is considered as safe.
Now look at the first method. Instead of making sure the $uid variable is safe before even starting to build up a query (= request to mysql - the database where everything is stored), it does so in the query itself. You see: "gmarkers.user_id = ".$uid." and " is changed in "gmarkers.user_id = ".intval($uid)." and"
If you'd apply both methods at the same time; you'd get something like this: gmarkers.user_id = ".intval(intval($_GET['u']); )."
Hope that clears it up, just ask if you want more info
All product names mentioned herein are the trademarks of their respective owners. In addition, images, logos, pictures or other material may be trademarks or registered trademarks of their respective owners. Emote images by seb, released under the GPL license. With the kind support of Corllete Lab Studio. Forum Icons by Axialis Team.