authorDries Buytaert <dries@buytaert.net>2010-01-14 19:21:55 +0000
committerDries Buytaert <dries@buytaert.net>2010-01-14 19:21:55 +0000
commitdfebdecfa7b37822e2fcdeb53064a9f60f277bc3 (patch)
tree539f0167a981c6222f7e2887168ccab5148a730e /modules/user/user.module
parent0bc9acfad38113d8b091a91b03aab23fbebbcf15 (diff)
- Patch #46149 by Senpai, sun, alexanderpas, hunmonk, ChrisKennedy, tstoeckler, cwgordon7: prevent account cancellation for uid 1.
Diffstat (limited to 'modules/user/user.module')
-rw-r--r--modules/user/user.module32
1 files changed, 27 insertions, 5 deletions
diff --git a/modules/user/user.module b/modules/user/user.module
index 993b13f58..c906c5cdc 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -2747,10 +2747,29 @@ function user_multiple_cancel_confirm($form, &$form_state) {
$edit = $form_state['input'];
$form['accounts'] = array('#prefix' => '<ul>', '#suffix' => '</ul>', '#tree' => TRUE);
- // array_filter() returns only elements with TRUE values.
- foreach (array_filter($edit['accounts']) as $uid => $value) {
- $user = db_query('SELECT name FROM {users} WHERE uid = :uid', array(':uid' => $uid))->fetchField();
- $form['accounts'][$uid] = array('#type' => 'hidden', '#value' => $uid, '#prefix' => '<li>', '#suffix' => check_plain($user) . "</li>\n");
+ $accounts = user_load_multiple(array_keys(array_filter($edit['accounts'])));
+ foreach ($accounts as $uid => $account) {
+ // Prevent user 1 from being canceled.
+ if ($uid <= 1) {
+ continue;
+ }
+ $form['accounts'][$uid] = array(
+ '#type' => 'hidden',
+ '#value' => $uid,
+ '#prefix' => '<li>',
+ '#suffix' => check_plain($account->name) . "</li>\n",
+ );
+ }
+
+ // Output a notice that user 1 cannot be canceled.
+ if (isset($accounts[1])) {
+ $redirect = (count($accounts) == 1);
+ $message = t('The user account %name cannot be cancelled.', array('%name' => $accounts[1]->name));
+ drupal_set_message($message, $redirect ? 'error' : 'warning');
+ // If only user 1 was selected, redirect to the overview.
+ if ($redirect) {
+ drupal_goto('admin/people');
+ }
}
$form['operation'] = array('#type' => 'hidden', '#value' => 'cancel');
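Review bot: The `$uid <= 1` check in the loop also drops uid 0, but the comment above it and the notice further down mention only user 1, so a filtered uid 0 disappears from the list without explanation; the comment could read `// Prevent the anonymous user (uid 0) and user 1 from being canceled.`. The redirect is decided by `count($accounts) == 1`, which counts loaded accounts rather than accounts that survived the filter. A selection such as uid 1 together with uid 0 (if that row loads) would therefore still render a confirmation form with an empty list. Deciding the redirect from whether any child was actually added to `$form['accounts']` would cover that case. The function body starts and continues outside this hunk.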
@@ -2799,6 +2818,10 @@ function user_multiple_cancel_confirm_submit($form, &$form_state) {
if ($form_state['values']['confirm']) {
foreach ($form_state['values']['accounts'] as $uid => $value) {
+ // Prevent programmatic form submissions from cancelling user 1.
+ if ($uid <= 1) {
+ continue;
+ }
// Prevent user administrators from deleting themselves without confirmation.
if ($uid == $user->uid) {
$admin_form_state = $form_state;
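Review bot: The new guard at `if ($uid <= 1)` skips the protected account silently, so a submission that reaches this handler with uid 1 in `$form_state['values']['accounts']` leaves no trace for an administrator reviewing the logs. Since the comment says the branch exists for programmatic submissions, recording the event would make such attempts visible, e.g. `watchdog('user', 'Skipped cancellation of protected account uid %uid.', array('%uid' => $uid), WATCHDOG_WARNING);` placed before the `continue`. The check also lives only in this bulk handler; whether the other cancellation paths refuse uid 1 cannot be seen from this diff and is worth confirming. The loop body continues outside the hunk.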
@@ -2812,7 +2835,6 @@ function user_multiple_cancel_confirm_submit($form, &$form_state) {
}
}
$form_state['redirect'] = 'admin/people';
- return;
}
/**