correctly check auth capabilities on update profile FS#1329

Ignore-this: fb853b40911201a41c237d69d91f7d24 darcs-hash:20091128111547-6ad63-0432d3b190946b2b8f7c292119e034cdcdae3a00.gz
author: Andy Webber <dokuwiki@andywebber.com> 2009-11-28 12:15:47 +0100
committer: Andy Webber <dokuwiki@andywebber.com> 2009-11-28 12:15:47 +0100
commit: 4369edaf3f94ff5a2b6d3d328d9248688ae56925 (patch)
tree: be22e6974c1827713a900ccbe4724a855b10db80 /inc/auth.php
parent: af14334b1fdba48f5fd1227dbadc653bb665ed72 (diff)
download: rpg-4369edaf3f94ff5a2b6d3d328d9248688ae56925.tar.gz
rpg-4369edaf3f94ff5a2b6d3d328d9248688ae56925.tar.bz2
1 files changed, 3 insertions, 2 deletions
diff --git a/inc/auth.php b/inc/auth.php
index d52adb1ef..50c5f17ed 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -748,12 +748,13 @@ function updateprofile() {
     $_POST['fullname'] = trim(preg_replace('/[\x00-\x1f:<>&%,;]+/','',$_POST['fullname']));
     $_POST['email']    = trim(preg_replace('/[\x00-\x1f:<>&%,;]+/','',$_POST['email']));
 
-    if (empty($_POST['fullname']) || empty($_POST['email'])) {
+    if ((empty($_POST['fullname']) && $auth->canDo('modName')) ||
+        (empty($_POST['email']) && $auth->canDo('modMail'))) {
         msg($lang['profnoempty'],-1);
         return false;
     }
 
-    if (!mail_isvalid($_POST['email'])){
+    if (!mail_isvalid($_POST['email']) && $auth->canDo('modMail')){
         msg($lang['regbadmail'],-1);
         return false;
     }
author	Andy Webber <dokuwiki@andywebber.com>	2009-11-28 12:15:47 +0100
committer	Andy Webber <dokuwiki@andywebber.com>	2009-11-28 12:15:47 +0100
commit	4369edaf3f94ff5a2b6d3d328d9248688ae56925 (patch)
tree	be22e6974c1827713a900ccbe4724a855b10db80 /inc/auth.php
parent	af14334b1fdba48f5fd1227dbadc653bb665ed72 (diff)
download	rpg-4369edaf3f94ff5a2b6d3d328d9248688ae56925.tar.gz rpg-4369edaf3f94ff5a2b6d3d328d9248688ae56925.tar.bz2