From 4369edaf3f94ff5a2b6d3d328d9248688ae56925 Mon Sep 17 00:00:00 2001
From: Andy Webber
Date: Sat, 28 Nov 2009 12:15:47 +0100
Subject: correctly check auth capabilities on update profile FS#1329
Ignore-this: fb853b40911201a41c237d69d91f7d24
darcs-hash:20091128111547-6ad63-0432d3b190946b2b8f7c292119e034cdcdae3a00.gz
---
 inc/auth.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'inc')
diff --git a/inc/auth.php b/inc/auth.php
index d52adb1ef..50c5f17ed 100644
--- a/inc/auth.php
+++ b/inc/auth.php
@@ -748,12 +748,13 @@ function updateprofile() {
 $_POST['fullname'] = trim(preg_replace('/[\x00-\x1f:<>&%,;]+/','',$_POST['fullname']));
 $_POST['email'] = trim(preg_replace('/[\x00-\x1f:<>&%,;]+/','',$_POST['email']));
- if (empty($_POST['fullname']) || empty($_POST['email'])) {
+ if ((empty($_POST['fullname']) && $auth->canDo('modName')) ||
+ (empty($_POST['email']) && $auth->canDo('modMail'))) {
 msg($lang['profnoempty'],-1);
 return false;
 }
- if (!mail_isvalid($_POST['email'])){
+ if (!mail_isvalid($_POST['email']) && $auth->canDo('modMail')){
 msg($lang['regbadmail'],-1);
 return false;
 }
--
cgit v1.2.3
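Review bot: With the new conditions, an empty or malformed `$_POST['email']` and an empty `$_POST['fullname']` pass validation whenever the backend reports it cannot do `modMail` or `modName`. That is only safe if the rest of `updateprofile()` never hands those unvalidated fields to the backend in that case; that code lies outside the hunk, so confirm the later change-building is gated on the same `canDo()` calls. The second check would also read more clearly, and skip needless validation, with the capability tested first: `if ($auth->canDo('modMail') && !mail_isvalid($_POST['email'])){`. A comment above the first `if`, such as `// only validate fields the auth backend is able to change`, would record why the checks are conditional.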