mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-06 14:46:56 +02:00
Code Issues Releases Wiki Activity

More user-setting checks.

Browse Source
This commit is contained in:
Cameron
2016-06-28 09:25:30 -07:00
parent b82cfaea92
commit 0af67301ea
2 changed files with 33 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
usersettings.php
View File

@@ -352,8 +352,9 @@ elseif (isset($_POST['SaveValidatedInfo'])) // Next bit only valid if user editi
{ // Got some data confirmed with password entry
$new_data = base64_decode($_POST['updated_data']);
// Should only happen if someone's fooling around
if (md5($new_data) != $_POST['updated_key'] || isset($new_data['user_admin']) || isset($new_data['user_perms']))
if (md5($new_data) != $_POST['updated_key'] || ($userMethods->hasReadonlyField($new_data) !==false))
{
echo LAN_USET_42.'<br />';
exit();
@@ -812,7 +813,6 @@ function req($field)
}
// Delete a file from the public directories. Return TRUE on success, FALSE on failure.
// Also deletes from database if appropriate.
function delete_file($fname, $dir = 'avatars/')