[geeklog-cvs] geeklog: Explicitly don't allow editing the Anonymous user's acc...
geeklog-cvs at lists.geeklog.net
geeklog-cvs at lists.geeklog.net
Sun Mar 14 17:47:55 EDT 2010
changeset 7793:c6b33d9cc815
url: http://project.geeklog.net/cgi-bin/hgwebdir.cgi/geeklog/rev/c6b33d9cc815
user: Dirk Haun <dirk at haun-online.de>
date: Sun Mar 14 21:03:24 2010 +0100
description:
Explicitly don't allow editing the Anonymous user's account (wasn't possible before either)
diffstat:
public_html/admin/user.php | 53 +++++++++++++++++---------
1 files changed, 34 insertions(+), 19 deletions(-)
diffs (91 lines):
diff -r f2b480b608ab -r c6b33d9cc815 public_html/admin/user.php
--- a/public_html/admin/user.php Sun Mar 14 18:36:18 2010 +0100
+++ b/public_html/admin/user.php Sun Mar 14 21:03:24 2010 +0100
@@ -462,8 +462,10 @@
$retval = '';
$userChanged = false;
- if ($_USER_VERBOSE) COM_errorLog("**** entering saveusers****",1);
- if ($_USER_VERBOSE) COM_errorLog("group size at beginning = " . count($groups),1);
+ if ($_USER_VERBOSE) {
+ COM_errorLog("**** entering saveusers****", 1);
+ COM_errorLog("group size at beginning = " . count($groups), 1);
+ }
if ($passwd != $passwd_conf) { // passwords don't match
return edituser($uid, 67);
@@ -695,7 +697,9 @@
exit;
}
- if ($_USER_VERBOSE) COM_errorLog("***************leaving saveusers*****************",1);
+ if ($_USER_VERBOSE) {
+ COM_errorLog("***************leaving saveusers*****************", 1);
+ }
return $retval;
}
@@ -1251,6 +1255,7 @@
} else {
COM_accessLog("User {$_USER['username']} tried to illegally delete user $uid and failed CSRF checks.");
echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
+ exit;
}
} elseif (($mode == $LANG_ADMIN['save']) && !empty($LANG_ADMIN['save']) && SEC_checkToken()) { // save
$delphoto = '';
@@ -1263,29 +1268,39 @@
if (!isset ($_POST['userstatus'])) {
$_POST['userstatus'] = USER_ACCOUNT_ACTIVE;
}
- $display = saveusers (COM_applyFilter ($_POST['uid'], true),
- $_POST['username'], $_POST['fullname'],
- $_POST['passwd'], $_POST['passwd_conf'], $_POST['email'],
- $_POST['regdate'], $_POST['homepage'], $_POST['groups'],
- $delphoto, $_POST['userstatus'], $_POST['oldstatus']);
- if (!empty($display)) {
- $tmp = COM_siteHeader('menu', $LANG28[22]);
- $tmp .= $display;
- $tmp .= COM_siteFooter();
- $display = $tmp;
+ $uid = COM_applyFilter($_POST['uid'], true);
+ if ($uid == 1) {
+ echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
+ exit;
+ } else {
+ $display = saveusers($uid, $_POST['username'], $_POST['fullname'],
+ $_POST['passwd'], $_POST['passwd_conf'], $_POST['email'],
+ $_POST['regdate'], $_POST['homepage'], $_POST['groups'],
+ $delphoto, $_POST['userstatus'], $_POST['oldstatus']);
+ if (!empty($display)) {
+ $tmp = COM_siteHeader('menu', $LANG28[22]);
+ $tmp .= $display;
+ $tmp .= COM_siteFooter();
+ $display = $tmp;
+ }
}
} elseif ($mode == 'edit') {
$display .= COM_siteHeader('menu', $LANG28[1]);
$msg = '';
- if (isset ($_GET['msg'])) {
- $msg = COM_applyFilter ($_GET['msg'], true);
+ if (isset($_GET['msg'])) {
+ $msg = COM_applyFilter($_GET['msg'], true);
}
$uid = '';
- if (isset ($_GET['uid'])) {
- $uid = COM_applyFilter ($_GET['uid'], true);
+ if (isset($_GET['uid'])) {
+ $uid = COM_applyFilter($_GET['uid'], true);
}
- $display .= edituser ($uid, $msg);
- $display .= COM_siteFooter();
+ if ($uid == 1) {
+ echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
+ exit;
+ } else {
+ $display .= edituser($uid, $msg);
+ $display .= COM_siteFooter();
+ }
} elseif (($mode == 'import') && SEC_checkToken()) {
$display .= importusers();
} elseif ($mode == 'importform') {
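Review bot: The two new `if ($uid == 1)` guards, in the save branch and in the edit branch, redirect silently, so a crafted request aimed at the Anonymous account leaves no audit trail, unlike the failed-CSRF delete path earlier in this file, which calls COM_accessLog. Consider logging before each redirect, e.g. `COM_accessLog("User {$_USER['username']} tried to edit the Anonymous user (uid 1).");`. The rule is also enforced only in this request dispatcher. saveusers() and edituser() are defined outside the hunk, so it is not visible whether they reject uid 1 when reached from another caller; a guard at the top of saveusers() would make the restriction hold for every caller. A one-line comment stating that uid 1 is the Anonymous account would explain the bare literal.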