#201725 by bdragon: access control was renamed to permissions but this was not reflected in two remaining permission checks

author: Gábor Hojtsy <gabor@hojtsy.hu> 2007-12-17 17:06:16 +0000
committer: Gábor Hojtsy <gabor@hojtsy.hu> 2007-12-17 17:06:16 +0000
commit: b86bb52620530b3a3ee4b471b47c4edb0c580426 (patch)
tree: 36a5c0762f32245b11dd58f8fb7867fa836ae3a6 /modules
parent: 191beee5faceacb38ba1fb913cab5e342304b257 (diff)
download: brdo-b86bb52620530b3a3ee4b471b47c4edb0c580426.tar.gz
brdo-b86bb52620530b3a3ee4b471b47c4edb0c580426.tar.bz2
1 files changed, 2 insertions, 2 deletions
diff --git a/modules/user/user.pages.inc b/modules/user/user.pages.inc
index eb3e7db87..d326b43b5 100644
--- a/modules/user/user.pages.inc
+++ b/modules/user/user.pages.inc
@@ -258,7 +258,7 @@ function user_profile_form($form_state, $account, $category = 'account') {
 function user_profile_form_validate($form, &$form_state) {
   user_module_invoke('validate', $form_state['values'], $form_state['values']['_account'], $form_state['values']['_category']);
   // Validate input to ensure that non-privileged users can't alter protected data.
-  if ((!user_access('administer users') && array_intersect(array_keys($form_state['values']), array('uid', 'init', 'session'))) || (!user_access('administer access control') && isset($form_state['values']['roles']))) {
+  if ((!user_access('administer users') && array_intersect(array_keys($form_state['values']), array('uid', 'init', 'session'))) || (!user_access('administer permissions') && isset($form_state['values']['roles']))) {
     watchdog('security', 'Detected malicious attempt to alter protected user fields.', array(), WATCHDOG_WARNING);
     // set this to a value type field
     form_set_error('category', t('Detected malicious attempt to alter protected user fields.'));
@@ -327,7 +327,7 @@ function user_confirm_delete_submit($form, &$form_state) {
 function user_edit_validate($form, &$form_state) {
   user_module_invoke('validate', $form_state['values'], $form_state['values']['_account'], $form_state['values']['_category']);
   // Validate input to ensure that non-privileged users can't alter protected data.
-  if ((!user_access('administer users') && array_intersect(array_keys($form_state['values']), array('uid', 'init', 'session'))) || (!user_access('administer access control') && isset($form_state['values']['roles']))) {
+  if ((!user_access('administer users') && array_intersect(array_keys($form_state['values']), array('uid', 'init', 'session'))) || (!user_access('administer permissions') && isset($form_state['values']['roles']))) {
     watchdog('security', 'Detected malicious attempt to alter protected user fields.', array(), WATCHDOG_WARNING);
     // set this to a value type field
     form_set_error('category', t('Detected malicious attempt to alter protected user fields.'));
author	Gábor Hojtsy <gabor@hojtsy.hu>	2007-12-17 17:06:16 +0000
committer	Gábor Hojtsy <gabor@hojtsy.hu>	2007-12-17 17:06:16 +0000
commit	b86bb52620530b3a3ee4b471b47c4edb0c580426 (patch)
tree	36a5c0762f32245b11dd58f8fb7867fa836ae3a6 /modules
parent	191beee5faceacb38ba1fb913cab5e342304b257 (diff)
download	brdo-b86bb52620530b3a3ee4b471b47c4edb0c580426.tar.gz brdo-b86bb52620530b3a3ee4b471b47c4edb0c580426.tar.bz2