#75289: Don't allow user 1 to be blocked or deleted

1 files changed, 8 insertions, 2 deletions

diff --git a/modules/user/user.module b/modules/user/user.module
index 8e0323770..f1d6c5792 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -1301,7 +1301,7 @@ function user_edit_form($uid, $edit, $register = FALSE) {
       '#required' => TRUE,
     );
   }
-  if ($admin) {
+  if ($admin && $uid != 1) {
     $form['account']['status'] = array('#type' => 'radios', '#title' => t('Status'), '#default_value' => isset($edit['status']) ? $edit['status'] : 1, '#options' => array(t('Blocked'), t('Active')));
   }
   if (user_access('administer access control')) {
@@ -1385,6 +1385,9 @@ function user_edit($category = 'account') {
   $edit = $_POST['op'] ? $_POST : (array)$account;
 
   if (arg(2) == 'delete') {
+    if ($account->uid == 1) {
+      return drupal_not_found();
+    }
     if ($edit['confirm']) {
       user_delete($edit, $account->uid);
       drupal_goto('admin/user/user');
@@ -1394,6 +1397,9 @@ function user_edit($category = 'account') {
     }
   }
   else if ($_POST['op'] == t('Delete')) {
+    if ($account->uid == 1) {
+      return drupal_not_found();
+    }
     if ($_REQUEST['destination']) {
       $destination = drupal_get_destination();
       unset($_REQUEST['destination']);
@@ -1406,7 +1412,7 @@ function user_edit($category = 'account') {
   $form['_category'] = array('#type' => 'value', '#value' => $category);
   $form['_account'] = array('#type' => 'value', '#value' => $account);
   $form['submit'] = array('#type' => 'submit', '#value' => t('Submit'), '#weight' => 30);
-  if (user_access('administer users')) {
+  if (user_access('administer users') && $account->uid != 1) {
     $form['delete'] = array('#type' => 'submit', '#value' => t('Delete'), '#weight' => 31);
   }
   $form['#attributes']['enctype'] = 'multipart/form-data';