From 8c9cbfee829ad8663485f91e1270317dd488645c Mon Sep 17 00:00:00 2001
From: Martin Ambrus <martin@martinambrus.com>
Date: Sat, 25 Nov 2017 12:24:51 +0100
Subject: [PATCH] fix: possibility to edit somebody else's profile

---
 GameEngine/Profile.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/GameEngine/Profile.php b/GameEngine/Profile.php
index 617b52f0..3568d18f 100755
--- a/GameEngine/Profile.php
+++ b/GameEngine/Profile.php
@@ -90,9 +90,9 @@ class Profile {
 	}
 
 	private function updateProfile($post) {
-		global $database;
+		global $database, $session;
 		$birthday = $post['jahr'].'-'.$post['monat'].'-'.$post['tag'];
-		$database->submitProfile($database->RemoveXSS($post['uid']),$database->RemoveXSS($post['mw']),$database->RemoveXSS($post['ort']),$database->RemoveXSS($birthday),$database->RemoveXSS($post['be2']),$database->RemoveXSS($post['be1']));
+		$database->submitProfile($session->uid,$database->RemoveXSS($post['mw']),$database->RemoveXSS($post['ort']),$database->RemoveXSS($birthday),$database->RemoveXSS($post['be2']),$database->RemoveXSS($post['be1']));
 		$varray = $database->getProfileVillages($post['uid']);
 			for($i=0;$i<=count($varray)-1;$i++) {
 				$k = trim($post['dname'.$i]);