- Patch #10718 by drumm: bugfix: it was possible to save a user with no roles assigned when the form clearly said at least one was required. The result of saving that was silently leaving the roles unchanged, which is rather bad.

2 files changed, 12 insertions, 0 deletions

diff --git a/modules/user.module b/modules/user.module
index 3b211635d..400393e32 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -1041,6 +1041,12 @@ function user_edit_validate($uid, &$edit) {
     form_set_error('mail', t('The e-mail address %e-mail has been denied access.', array('%e-mail' => '<em>'. $edit['mail'] .'</em>')));
   }
 
+  // Validate the roles
+  if (!$edit['roles']) {
+    form_set_error('roles', t('You must select at least one role.'));
+    $edit['roles'] = array();
+  }
+
   // If required, validate the uploaded picture.
   if ($file = file_check_upload('picture')) {
     $user = user_load(array('uid' => $uid));
diff --git a/modules/user/user.module b/modules/user/user.module
index 3b211635d..400393e32 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -1041,6 +1041,12 @@ function user_edit_validate($uid, &$edit) {
     form_set_error('mail', t('The e-mail address %e-mail has been denied access.', array('%e-mail' => '<em>'. $edit['mail'] .'</em>')));
   }
 
+  // Validate the roles
+  if (!$edit['roles']) {
+    form_set_error('roles', t('You must select at least one role.'));
+    $edit['roles'] = array();
+  }
+
   // If required, validate the uploaded picture.
   if ($file = file_check_upload('picture')) {
     $user = user_load(array('uid' => $uid));