diff options
| author | Gábor Hojtsy <gabor@hojtsy.hu> | 2007-12-17 17:06:16 +0000 |
|---|---|---|
| committer | Gábor Hojtsy <gabor@hojtsy.hu> | 2007-12-17 17:06:16 +0000 |
| commit | b86bb52620530b3a3ee4b471b47c4edb0c580426 (patch) | |
| tree | 36a5c0762f32245b11dd58f8fb7867fa836ae3a6 | |
| parent | 191beee5faceacb38ba1fb913cab5e342304b257 (diff) | |
| download | brdo-b86bb52620530b3a3ee4b471b47c4edb0c580426.tar.gz brdo-b86bb52620530b3a3ee4b471b47c4edb0c580426.tar.bz2 | |
#201725 by bdragon: access control was renamed to permissions but this was not reflected in two remaining permission checks
| -rw-r--r-- | modules/user/user.pages.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/modules/user/user.pages.inc b/modules/user/user.pages.inc index eb3e7db87..d326b43b5 100644 --- a/modules/user/user.pages.inc +++ b/modules/user/user.pages.inc @@ -258,7 +258,7 @@ function user_profile_form($form_state, $account, $category = 'account') { function user_profile_form_validate($form, &$form_state) { user_module_invoke('validate', $form_state['values'], $form_state['values']['_account'], $form_state['values']['_category']); // Validate input to ensure that non-privileged users can't alter protected data. - if ((!user_access('administer users') && array_intersect(array_keys($form_state['values']), array('uid', 'init', 'session'))) || (!user_access('administer access control') && isset($form_state['values']['roles']))) { + if ((!user_access('administer users') && array_intersect(array_keys($form_state['values']), array('uid', 'init', 'session'))) || (!user_access('administer permissions') && isset($form_state['values']['roles']))) { watchdog('security', 'Detected malicious attempt to alter protected user fields.', array(), WATCHDOG_WARNING); // set this to a value type field form_set_error('category', t('Detected malicious attempt to alter protected user fields.')); @@ -327,7 +327,7 @@ function user_confirm_delete_submit($form, &$form_state) { function user_edit_validate($form, &$form_state) { user_module_invoke('validate', $form_state['values'], $form_state['values']['_account'], $form_state['values']['_category']); // Validate input to ensure that non-privileged users can't alter protected data. - if ((!user_access('administer users') && array_intersect(array_keys($form_state['values']), array('uid', 'init', 'session'))) || (!user_access('administer access control') && isset($form_state['values']['roles']))) { + if ((!user_access('administer users') && array_intersect(array_keys($form_state['values']), array('uid', 'init', 'session'))) || (!user_access('administer permissions') && isset($form_state['values']['roles']))) { watchdog('security', 'Detected malicious attempt to alter protected user fields.', array(), WATCHDOG_WARNING); // set this to a value type field form_set_error('category', t('Detected malicious attempt to alter protected user fields.')); |