Diffstat (limited to 'modules/user')
-rw-r--r-- | modules/user/user.module | 8 | ||||
-rw-r--r-- | modules/user/user.pages.inc | 19 |
2 files changed, 14 insertions, 13 deletions
diff --git a/modules/user/user.module b/modules/user/user.module
index 66cb92fa9..ac15ecdbe 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
@@ -485,8 +485,8 @@ function user_save($account, $edit = array(), $category = 'account') {
 }
 // Save Field data.
- $obj = (object) $edit;
- field_attach_update('user', $obj);
+ $object = (object) $edit;
+ field_attach_update('user', $object);
 // Refresh user object.
 $user = user_load($account->uid, TRUE);
@@ -521,8 +521,8 @@ function user_save($account, $edit = array(), $category = 'account') {
 // Build the initial user object.
 $user = user_load($edit['uid'], TRUE);
- $obj = (object) $edit;
- field_attach_insert('user', $obj);
+ $object = (object) $edit;
+ field_attach_insert('user', $object);
 user_module_invoke('insert', $edit, $user, $category);
diff --git a/modules/user/user.pages.inc b/modules/user/user.pages.inc
index f1fb2f42d..7a055eb97 100644
--- a/modules/user/user.pages.inc
+++ b/modules/user/user.pages.inc
@@ -266,13 +266,12 @@ function user_profile_form($form_state, $account, $category = 'account') {
 * Validation function for the user account and profile editing form.
 */
 function user_profile_form_validate($form, &$form_state) {
- // Validate field widgets.
- $tmp_obj = (object) $form_state['values'];
- field_attach_validate('user', $tmp_obj, $form, $form_state);
-
- user_module_invoke('validate', $form_state['values'], $form_state['values']['_account'], $form_state['values']['_category']);
+ $edit = (object)$form_state['values'];
+ field_attach_form_validate('user', $edit, $form, $form_state);
+ $edit = (array)$edit;
+ user_module_invoke('validate', $edit, $form_state['values']['_account'], $form_state['values']['_category']);
 // Validate input to ensure that non-privileged users can't alter protected data.
- if ((!user_access('administer users') && array_intersect(array_keys($form_state['values']), array('uid', 'init', 'session'))) || (!user_access('administer permissions') && isset($form_state['values']['roles']))) {
+ if ((!user_access('administer users') && array_intersect(array_keys($edit), array('uid', 'init', 'session'))) || (!user_access('administer permissions') && isset($form_state['values']['roles']))) {
 watchdog('security', 'Detected malicious attempt to alter protected user fields.', array(), WATCHDOG_WARNING);
 // set this to a value type field
 form_set_error('category', t('Detected malicious attempt to alter protected user fields.'));
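Review bot: The protected-field check in `user_profile_form_validate` now takes its keys from `$edit`, a copy of `$form_state['values']` that has already been passed to `field_attach_form_validate()` and `user_module_invoke('validate', …)`, while the `roles` half of the same condition and the submit handler still read `$form_state['values']`. If either call alters `$edit` (whether `user_module_invoke()` takes it by reference is not visible here), the `uid`/`init`/`session` test can see a different key set from the one that is later saved. Keep the check on the submitted values, `array_intersect(array_keys($form_state['values']), array('uid', 'init', 'session'))`, or run it before the hooks are invoked. The commit also drops the `// Validate field widgets.` comment without a replacement. The function body continues past the end of the hunk.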
@@ -287,9 +286,11 @@ function user_profile_form_submit($form, &$form_state) {
 $category = $form_state['values']['_category'];
 unset($form_state['values']['_account'], $form_state['values']['op'], $form_state['values']['submit'], $form_state['values']['cancel'], $form_state['values']['form_token'], $form_state['values']['form_id'], $form_state['values']['_category'], $form_state['values']['form_build_id']);
- field_attach_submit('user', $account, $form, $form_state);
- user_module_invoke('submit', $form_state['values'], $account, $category);
- user_save($account, $form_state['values'], $category);
+ $edit = (object)$form_state['values'];
+ field_attach_submit('user', $edit, $form, $form_state);
+ $edit = (array)$edit;
+ user_module_invoke('submit', $edit, $account, $category);
+ user_save($account, $edit, $category);
 // Clear the page cache because pages can contain usernames and/or profile information:
 cache_clear_all(); |
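Review bot: The `(object)` / `(array)` round trip on `$edit` in `user_profile_form_submit` carries no comment, and it changes what `field_attach_submit()` operates on from `$account` to the submitted values, so a reader cannot tell that the switch is deliberate. If the intent is what it appears to be, a line such as `// Field API works on an object: cast the submitted values, let it attach field data, then cast back for hook_user and user_save().` above the first cast would record it. The casts are written `(object)$form_state['values']` here but `(object) $edit` in user.module in the same commit, so one spacing should be used throughout. The function starts before the hunk and continues after it.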