authorDries Buytaert <dries@buytaert.net>2005-12-19 10:02:33 +0000
committerDries Buytaert <dries@buytaert.net>2005-12-19 10:02:33 +0000
commitd21dda89b33e0dc979b55cb419377bd0538a03fc (patch)
tree755dc424e535d157bc2bcb18f583bb5a7161089e /modules
parent8b0461940d2e1f90799e03e226fed1fd5782e42b (diff)
- Patch #41305 by chx: user edit form submit model rewrite.
Diffstat (limited to 'modules')
-rw-r--r--modules/user.module44
-rw-r--r--modules/user/user.module44
2 files changed, 48 insertions, 40 deletions
diff --git a/modules/user.module b/modules/user.module
index 1fe27acd3..7e0e24688 100644
--- a/modules/user.module
+++ b/modules/user.module
@@ -1259,25 +1259,7 @@ function user_edit($category = 'account') {
$account = user_load(array('uid' => arg(1)));
$edit = $_POST['op'] ? $_POST['edit'] : object2array($account);
- if ($_POST['op'] == t('Submit')) {
- user_module_invoke('validate', $edit, $account, $category);
-
- if (!form_get_errors()) {
- // Validate input to ensure that non-privileged users can't alter protected data.
- if ((!user_access('administer users') && array_intersect(array_keys($edit), array('uid', 'init', 'session'))) ||
- (!user_access('administer access control') && isset($edit['roles']))) {
- watchdog('security', t('Detected malicious attempt to alter protected user fields.'), WATCHDOG_WARNING);
- }
- else {
- user_save($account, $edit, $category);
- // Delete that user's menu cache.
- cache_clear_all('menu:'. $account->uid, TRUE);
- drupal_set_message(t('The changes have been saved.'));
- drupal_goto("user/$account->uid");
- }
- }
- }
- else if (arg(2) == 'delete') {
+ if (arg(2) == 'delete') {
if ($edit['confirm']) {
db_query('DELETE FROM {users} WHERE uid = %d', $account->uid);
db_query('DELETE FROM {sessions} WHERE uid = %d', $account->uid);
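Review bot: The delete branch kept at `if (arg(2) == 'delete')` still acts on `$edit['confirm']`, which is taken straight from `$_POST['edit']`, so the `DELETE FROM {users}` path stays outside the validate/submit model this commit introduces for saving. Consider giving deletion its own form with a submit handler so it is processed the same way as the edit path. No permission check for this branch is visible in the hunk; access is presumably enforced elsewhere, since user_edit's body continues outside the hunk, but that is worth confirming because `user_access('administer users')` visibly gates only the display of the Delete button. The same hunk is repeated for modules/user/user.module.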
@@ -1297,6 +1279,8 @@ function user_edit($category = 'account') {
}
$form = _user_forms($edit, $account, $category);
+ $form['_category'] = array('#type' => 'value', '#value' => $category);
+ $form['_account'] = array('#type' => 'value', '#value' => $account);
$form['submit'] = array('#type' => 'submit', '#value' => t('Submit'), '#weight' => 30);
if (user_access('administer users')) {
$form['delete'] = array('#type' => 'submit', '#value' => t('Delete'), '#weight' => 31);
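Review bot: The two new `'#type' => 'value'` entries have no comment saying why they are in the form or that they are internal. Add a comment above them such as `// Internal values for user_edit_validate() and user_edit_submit(); 'value' elements stay server-side and are not rendered.` It is also worth stating that `_account` holds the whole object returned by `user_load()`, so every handler receiving `$form_values` gets the full account record. user_edit's body starts outside this hunk, and the same lines appear in modules/user/user.module.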
@@ -1307,6 +1291,26 @@ function user_edit($category = 'account') {
return drupal_get_form('user_edit', $form);
}
+function user_edit_validate($form_id, $form_values) {
+ user_module_invoke('validate', $form_values, $form_values['_account'], $form_values['_category']);
+ // Validate input to ensure that non-privileged users can't alter protected data.
+ if ((!user_access('administer users') && array_intersect(array_keys($form_values), array('uid', 'init', 'session'))) || (!user_access('administer access control') && isset($form_values['roles']))) {
+ $message = t('Detected malicious attempt to alter protected user fields.');
+ watchdog('security', $message, WATCHDOG_WARNING);
+ // set this to a value type field
+ form_set_error('category', $message);
+ }
+}
+
+function user_edit_submit($form_id, $form_values) {
+ $account = $form_values['_account'];
+ user_save($account, $form_values, $form_values['_category']);
+ // Delete that user's menu cache.
+ cache_clear_all('menu:'. $account->uid, TRUE);
+ drupal_set_message(t('The changes have been saved.'));
+ drupal_goto('user/'. $account->uid);
+}
+
function user_view($uid = 0) {
global $user;
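Review bot: `user_edit_submit()` passes the whole `$form_values` array to `user_save()`, including the internal `_account` object and `_category` that user_edit() adds. If user_save() persists keys it does not recognise (its body is not shown here), a copy of the account object would be stored with the user record. Read the category first with `$category = $form_values['_category'];`, then `unset($form_values['_account'], $form_values['_category']);` and pass `$category` to user_save(). In `user_edit_validate()`, `form_set_error('category', $message)` names `category` while the value element is `_category`, so the comment `// set this to a value type field` does not match the code; confirm which name is intended. The same applies to the copy in modules/user/user.module.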
@@ -1920,7 +1924,7 @@ function _user_forms(&$edit, $account, $category, $hook = 'form') {
$groups = array_merge($data, $groups);
}
}
- usort($groups, '_user_sort');
+ uasort($groups, '_user_sort');
return empty($groups) ? FALSE : $groups;
}
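Review bot: The switch to `uasort()` at the end of `_user_forms()` carries no comment explaining it. `uasort()` keeps the array keys that `usort()` discards, which appears to be the reason for the change. Add `// uasort() preserves the group keys; usort() would renumber them.` above the call. The function starts outside this hunk, and the same change is made in modules/user/user.module.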
diff --git a/modules/user/user.module b/modules/user/user.module
index 1fe27acd3..7e0e24688 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -1259,25 +1259,7 @@ function user_edit($category = 'account') {
$account = user_load(array('uid' => arg(1)));
$edit = $_POST['op'] ? $_POST['edit'] : object2array($account);
- if ($_POST['op'] == t('Submit')) {
- user_module_invoke('validate', $edit, $account, $category);
-
- if (!form_get_errors()) {
- // Validate input to ensure that non-privileged users can't alter protected data.
- if ((!user_access('administer users') && array_intersect(array_keys($edit), array('uid', 'init', 'session'))) ||
- (!user_access('administer access control') && isset($edit['roles']))) {
- watchdog('security', t('Detected malicious attempt to alter protected user fields.'), WATCHDOG_WARNING);
- }
- else {
- user_save($account, $edit, $category);
- // Delete that user's menu cache.
- cache_clear_all('menu:'. $account->uid, TRUE);
- drupal_set_message(t('The changes have been saved.'));
- drupal_goto("user/$account->uid");
- }
- }
- }
- else if (arg(2) == 'delete') {
+ if (arg(2) == 'delete') {
if ($edit['confirm']) {
db_query('DELETE FROM {users} WHERE uid = %d', $account->uid);
db_query('DELETE FROM {sessions} WHERE uid = %d', $account->uid);
@@ -1297,6 +1279,8 @@ function user_edit($category = 'account') {
}
$form = _user_forms($edit, $account, $category);
+ $form['_category'] = array('#type' => 'value', '#value' => $category);
+ $form['_account'] = array('#type' => 'value', '#value' => $account);
$form['submit'] = array('#type' => 'submit', '#value' => t('Submit'), '#weight' => 30);
if (user_access('administer users')) {
$form['delete'] = array('#type' => 'submit', '#value' => t('Delete'), '#weight' => 31);
@@ -1307,6 +1291,26 @@ function user_edit($category = 'account') {
return drupal_get_form('user_edit', $form);
}
+function user_edit_validate($form_id, $form_values) {
+ user_module_invoke('validate', $form_values, $form_values['_account'], $form_values['_category']);
+ // Validate input to ensure that non-privileged users can't alter protected data.
+ if ((!user_access('administer users') && array_intersect(array_keys($form_values), array('uid', 'init', 'session'))) || (!user_access('administer access control') && isset($form_values['roles']))) {
+ $message = t('Detected malicious attempt to alter protected user fields.');
+ watchdog('security', $message, WATCHDOG_WARNING);
+ // set this to a value type field
+ form_set_error('category', $message);
+ }
+}
+
+function user_edit_submit($form_id, $form_values) {
+ $account = $form_values['_account'];
+ user_save($account, $form_values, $form_values['_category']);
+ // Delete that user's menu cache.
+ cache_clear_all('menu:'. $account->uid, TRUE);
+ drupal_set_message(t('The changes have been saved.'));
+ drupal_goto('user/'. $account->uid);
+}
+
function user_view($uid = 0) {
global $user;
@@ -1920,7 +1924,7 @@ function _user_forms(&$edit, $account, $category, $hook = 'form') {
$groups = array_merge($data, $groups);
}
}
- usort($groups, '_user_sort');
+ uasort($groups, '_user_sort');
return empty($groups) ? FALSE : $groups;
}