authorDries Buytaert <dries@buytaert.net>2005-11-14 21:49:47 +0000
committerDries Buytaert <dries@buytaert.net>2005-11-14 21:49:47 +0000
commitad74b700c49b3c6ad46a2c1a3c6fed2528fea6cf (patch)
tree08fe7d916424c2cd2a6703a829a806019dff5b33 /modules/user/user.module
parentd5d0149abedd5cb0c87877fa58a3a542ece335ad (diff)
- Patch #32669 by DriesK: split blocking users from 'administer access'.
Diffstat (limited to 'modules/user/user.module')
-rw-r--r--modules/user/user.module7
1 files changed, 5 insertions, 2 deletions
diff --git a/modules/user/user.module b/modules/user/user.module
index 72564c5e8..af603cd75 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -1154,8 +1154,10 @@ function user_edit_form($uid, $edit) {
$form['account']['name'] = array('#type' => 'textfield', '#title' => t('Username'), '#default_value' => $edit['name'], '#maxlength' => 55, '#description' => t('Your full name or your preferred username: only letters, numbers and spaces are allowed.'), '#required' => TRUE);
$form['account']['mail'] = array('#type' => 'textfield', '#title' => t('E-mail address'), '#default_value' => $edit['mail'], '#maxlength' => 55, '#description' => t('Insert a valid e-mail address. All e-mails from the system will be sent to this address. The e-mail address is not made public and will only be used if you wish to receive a new password or wish to receive certain news or notifications by e-mail.'), '#required' => TRUE);
$form['account']['pass'] = array('#type' => 'item', '#title' => t('Password'), '#value' => '<input type="password" class="form-password" name="edit[pass1]" size="12" maxlength="24" /> <input type="password" class="form-password" name="edit[pass2]" size="12" maxlength="24" />', '#required' => true);
- if (user_access('administer access control')) {
+ if (user_access('administer users')) {
$form['account']['status'] = array('#type' => 'radios', '#title' => t('Status'), '#default_value' => $edit['status'], '#options' => array(t('Blocked'), t('Active')));
+ }
+ if (user_access('administer access control')) {
$form['account']['roles'] = array('#type' => 'checkboxes', '#title' => t('Roles'), '#default_value' => array_keys($edit['roles']), '#options' => user_roles(1), '#description' => t('Select at least one role. The user receives the combined permissions of all of the selected roles.'), '#required' => TRUE);
}
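Review bot: The two permission checks in user_edit_form now gate different fields, but nothing in the code says which permission guards which field or why they differ. A one-line comment above each `if` would make the split visible to the next reader, for example `// Blocking and unblocking accounts requires 'administer users'.` and `// Assigning roles requires 'administer access control'.`. These checks only decide which form elements are built, so the comment should also say that enforcement for submitted values lives in user_edit. user_edit_form's body starts and ends outside the hunk.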
@@ -1244,7 +1246,8 @@ function user_edit($category = 'account') {
if (!form_get_errors()) {
// Validate input to ensure that non-privileged users can't alter protected data.
- if (!user_access('administer users') && array_intersect(array_keys($edit), array('uid', 'roles', 'init', 'session'))) {
+ if ((!user_access('administer users') && array_intersect(array_keys($edit), array('uid', 'init', 'session'))) ||
+ (!user_access('administer access control') && isset($edit['roles']))) {
watchdog('security', t('Detected malicious attempt to alter protected user fields.'), WATCHDOG_WARNING);
}
else {
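Review bot: The protected-field check in the new condition does not cover `status`, although this commit makes blocking a separate privilege. The form builds the Status radios only for `administer users`, but a submission that carries a `status` key from an account without that permission is not rejected by the lines visible here. Whether `status` is filtered later in the save path is outside the hunk and should be confirmed; if it is not, add it to the first list, `array('uid', 'status', 'init', 'session')`. The `watchdog()` entry also records neither the acting account nor the offending keys, which leaves the security log hard to triage. user_edit's body starts and ends outside the hunk.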