diff options
author | Andy Webber <dokuwiki@andywebber.com> | 2009-11-28 12:15:47 +0100 |
---|---|---|
committer | Andy Webber <dokuwiki@andywebber.com> | 2009-11-28 12:15:47 +0100 |
commit | 4369edaf3f94ff5a2b6d3d328d9248688ae56925 (patch) | |
tree | be22e6974c1827713a900ccbe4724a855b10db80 /inc/auth.php | |
parent | af14334b1fdba48f5fd1227dbadc653bb665ed72 (diff) | |
download | rpg-4369edaf3f94ff5a2b6d3d328d9248688ae56925.tar.gz rpg-4369edaf3f94ff5a2b6d3d328d9248688ae56925.tar.bz2 |
correctly check auth capabilities on update profile FS#1329
Ignore-this: fb853b40911201a41c237d69d91f7d24
darcs-hash:20091128111547-6ad63-0432d3b190946b2b8f7c292119e034cdcdae3a00.gz
Diffstat (limited to 'inc/auth.php')
-rw-r--r-- | inc/auth.php | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/inc/auth.php b/inc/auth.php index d52adb1ef..50c5f17ed 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -748,12 +748,13 @@ function updateprofile() { $_POST['fullname'] = trim(preg_replace('/[\x00-\x1f:<>&%,;]+/','',$_POST['fullname'])); $_POST['email'] = trim(preg_replace('/[\x00-\x1f:<>&%,;]+/','',$_POST['email'])); - if (empty($_POST['fullname']) || empty($_POST['email'])) { + if ((empty($_POST['fullname']) && $auth->canDo('modName')) || + (empty($_POST['email']) && $auth->canDo('modMail'))) { msg($lang['profnoempty'],-1); return false; } - if (!mail_isvalid($_POST['email'])){ + if (!mail_isvalid($_POST['email']) && $auth->canDo('modMail')){ msg($lang['regbadmail'],-1); return false; } |