author | Andreas Gohr <andi@splitbrain.org> | 2008-02-13 22:45:05 +0100 |
---|---|---|
committer | Andreas Gohr <andi@splitbrain.org> | 2008-02-13 22:45:05 +0100 |
commit | 4c21b7eea3e9e9499d46278e87c9c305a1bd47f2 (patch) | |
tree | 443ea32207809a329b2bed785ced4a87b8e4eb36 | |
parent | 39ba889012d68304e927ce9d3df5e0b444cd3bc6 (diff) | |
make sure not supported profile fields are not accepted FS#1329
darcs-hash:20080213214505-7ad00-8ff1974ccbab38168f95072faaeb53134f95b926.gz
-rw-r--r-- | inc/auth.php | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/inc/auth.php b/inc/auth.php
index 027e9c685..d511930dc 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -640,9 +640,10 @@ function updateprofile() {
 return false;
 }
- if ($_POST['fullname'] != $INFO['userinfo']['name']) $changes['name'] = $_POST['fullname'];
- if ($_POST['email'] != $INFO['userinfo']['mail']) $changes['mail'] = $_POST['email'];
- if (!empty($_POST['newpass'])) $changes['pass'] = $_POST['newpass'];
+ if ($_POST['fullname'] != $INFO['userinfo']['name'] && $auth->canDo('modName')) $changes['name'] = $_POST['fullname'];
+ if ($_POST['email'] != $INFO['userinfo']['mail'] && $auth->canDo('modMail')) $changes['mail'] = $_POST['email'];
+ if (!empty($_POST['newpass']) && $auth->canDo['modPass']) $changes['pass'] = $_POST['newpass'];
+
 if (!count($changes)) {
 msg($lang['profnochange'], -1); |
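Review bot: The third added condition is written `$auth->canDo['modPass']` with square brackets, so PHP reads a property named `canDo` and indexes it instead of calling the method the way the `modName` and `modMail` lines do. Unless the backend really has such a property, the expression is null and `$changes['pass']` is never set. The check fails closed, but every password change is silently dropped. If the name or mail changes in the same request the update presumably still proceeds, so a user rotating a password could be left with the old one still valid and no visible error. The line should read `if (!empty($_POST['newpass']) && $auth->canDo('modPass')) $changes['pass'] = $_POST['newpass'];`. updateprofile() starts and ends outside the hunk, so whether a later step reports the dropped field cannot be seen here.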