author | David Rothstein <drothstein@gmail.com> | 2016-02-24 14:19:52 -0500 |
---|---|---|
committer | David Rothstein <drothstein@gmail.com> | 2016-02-24 14:19:52 -0500 |
commit | 2f54b101bf722849e456d859876b27b90ad7e479 (patch) | |
tree | 9fdf1d34a03ec83b95a4fbcced22bb1b599f76d0 /modules/user/user.module | |
parent | aaf2d59820d7daf70c3acdde20c0e13d618a4e07 (diff) | |
Drupal 7.43
Diffstat (limited to 'modules/user/user.module')
-rw-r--r-- | modules/user/user.module | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/modules/user/user.module b/modules/user/user.module
index c33aa0982..d38de69b1 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -1308,10 +1308,12 @@ function user_user_presave(&$edit, $account, $category) {
 elseif (!empty($edit['picture_delete'])) {
 $edit['picture'] = NULL;
 }
- // Prepare user roles.
- if (isset($edit['roles'])) {
- $edit['roles'] = array_filter($edit['roles']);
- }
+ }
+
+ // Filter out roles with empty values to avoid granting extra roles when
+ // processing custom form submissions.
+ if (isset($edit['roles'])) {
+ $edit['roles'] = array_filter($edit['roles']);
 }
 
 // Move account cancellation information into $user->data.
@@ -2227,7 +2229,11 @@ function user_login_final_validate($form, &$form_state) {
 }
 }
 else {
- form_set_error('name', t('Sorry, unrecognized username or password. <a href="@password">Have you forgotten your password?</a>', array('@password' => url('user/password', array('query' => array('name' => $form_state['values']['name'])))))); 
+ // Use $form_state['input']['name'] here to guarantee that we send
+ // exactly what the user typed in. $form_state['values']['name'] may have
+ // been modified by validation handlers that ran earlier than this one.
+ $query = isset($form_state['input']['name']) ? array('name' => $form_state['input']['name']) : array();
+ form_set_error('name', t('Sorry, unrecognized username or password. <a href="@password">Have you forgotten your password?</a>', array('@password' => url('user/password', array('query' => $query)))));
 watchdog('user', 'Login attempt failed for %user.', array('%user' => $form_state['values']['name']));
 }
 } |
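Review bot: The new comment above `if (isset($edit['roles']))` in user_user_presave says the filter avoids granting extra roles, but it does not say why an unfiltered array would grant them, which is the security-relevant part of moving this block. `array_filter()` without a callback drops every entry whose value is falsy, so the code appears to assume that `$edit['roles']` can carry entries for unselected roles with empty values and that later code treats the remaining entries as granted; that consumer is not visible here. I would spell this out, e.g. `// Entries with an empty value are roles that were not selected; remove them so that only selected roles are saved.` The comment should also say that the filter now runs regardless of the condition closed by the added `}`, since that seems to be the actual behaviour change. The function body starts and ends outside the hunk.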
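Review bot: The added `$query` line in user_login_final_validate passes `$form_state['input']['name']` to `url()` after only an `isset()` check, and `isset()` is also true when the raw request value is an array rather than a string. Since this is deliberately unprocessed user input, I would restrict it to the scalar case: `$query = (isset($form_state['input']['name']) && is_string($form_state['input']['name'])) ? array('name' => $form_state['input']['name']) : array();`. The `watchdog()` call two lines below still logs `$form_state['values']['name']`; if that is intentional (logging the value that was actually checked), the new comment could mention it so the two sources are not "harmonised" later by mistake. The function begins outside the hunk, so the earlier validation handlers the comment refers to are not visible here.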