1 files changed, 23 insertions, 15 deletions
diff --git a/modules/user/user.module b/modules/user/user.module
index b45257ec0..486f1b75c 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -89,15 +89,6 @@ function user_load($array = array()) {
 }
 
 function user_save($account, $array = array()) {
-
-  if (!user_access("administer users")) {
-    if (array_intersect(array_keys($array), array("rid", "init", "rating", "session"))) {
-      watchdog("warning", "detected malicious attempt to alter a protected database field");
-    }
-
-    unset($array["rid"], $array["init"], $array["rating"], $array["session"]);
-  }
-
   /*
   ** Dynamically compose a SQL query:
   */
@@ -546,7 +537,7 @@ function user_login($edit = array(), $msg = "") {
           if (module_invoke($module, "auth", $name, $pass, $server)) {
             if (variable_get("user_register", 1) == 1 && !user_load(array("name" => "$name@$server"))) { //register this new user
               watchdog("user", "new user: $name@$server ($module ID)");
-              $user = user_save("", array("name" => "$name@$server", "pass" => user_password(), "init" => "$name@$server", "rid" => _user_authenticated_id(), "status" => 1, "authname_$module" => "$name@$server"));
+              $user = user_save("", array("name" => "$name@$server", "pass" => user_password(), "init" => "$name@$server", "status" => 1, "authname_$module" => "$name@$server"));
               break;
             }
           }
@@ -777,8 +768,10 @@ function user_register($edit = array()) {
     $pass = user_password();
 
     // create new user account, noting whether administrator approval is required
-    admin_access_init();
-    $account = user_save("", array_merge(array("name" => $edit["name"], "pass" => $pass, "init" => $edit["mail"], "mail" => $edit["mail"], "rid" => _user_authenticated_id(), "status" => (variable_get("user_register", 1) == 1 ? 1 : 0)), $data));
+    user_role_init();
+    // TODO: is this necessary? Won't session_write replicate this?
+    unset($edit["session"]);
+    $account = user_save("", array_merge(array("name" => $edit["name"], "pass" => $pass, "init" => $edit["mail"], "mail" => $edit["mail"], "rid" => _user_authenticated_id(), "rating" => 0, "status" => (variable_get("user_register", 1) == 1 ? 1 : 0)), $data));
     watchdog("user", "new user: '". $edit["name"] ."' &lt;". $edit["mail"] ."&gt;");
 
     $variables = array("%username" => $edit["name"], "%site" => variable_get("site_name", "drupal"), "%password" => $pass, "%uri" => path_uri(), "%uri_brief" => path_uri(1), "%mailto" => $edit["mail"], "%date" => format_date(time()));
@@ -904,9 +897,24 @@ function user_edit($edit = array()) {
             $error = t("The specified passwords do not match.");
           }
         }
-
         unset($edit["pass1"], $edit["pass2"]);
 
+        /*
+        ** Validate input fields to make sure users don't submit
+        ** invalid form.
+        */
+
+        if (!user_access("administer users")) {
+           if (array_intersect(array_keys($array), array("rid", "init", "rating", "session"))) {
+             watchdog("warning", "detected malicious attempt to alter a protected database field");
+           }
+        
+           $edit["rid"] = $user->rid;
+           $edit["init"] = $user->init;
+           $edit["rating"] = $user->rating;
+           $edit["session"] = $user->session;
+        }
+
         if (!$error) {
           /*
           ** Save user information:
@@ -1479,7 +1487,7 @@ function user_admin_account() {
 
 }
 
-function admin_access_init() {
+function user_role_init() {
   $role = db_fetch_object(db_query("SELECT * FROM role WHERE name = 'anonymous user'"));
   if (!$role) {
     db_query("INSERT INTO role (name) VALUES ('anonymous user')");
@@ -1499,7 +1507,7 @@ function user_admin() {
     ** Initialize all the roles and permissions:
     */
 
-    admin_access_init();
+    user_role_init();
 
     /*
     ** Compile a list of the administrative links: