From abf94d031061a529d36e2be9dddaa5f6078a1626 Mon Sep 17 00:00:00 2001 From: camer0n Date: Tue, 22 Aug 2023 12:51:23 -0700 Subject: [PATCH] Fixes #5045 - Removed inline editing for when only "Quick Add User" has been granted, and removed adding of admin perms to avoid access escalation. --- e107_admin/users.php | 37 ++++++++++++++++++++++--------------- 1 file changed, 22 insertions(+), 15 deletions(-) diff --git a/e107_admin/users.php b/e107_admin/users.php index a089f6d68..003708d24 100644 --- a/e107_admin/users.php +++ b/e107_admin/users.php @@ -419,7 +419,12 @@ class users_admin_ui extends e_admin_ui if(!getperms('4|U0')) // Quick Add User Access Only. { unset($this->fields['checkboxes']); - unset($this->fields['options']); + unset($this->fields['options']); + foreach($this->fields as $fld=>$val) + { + $this->fields[$fld]['inline'] = false; + } + } $this->fields['user_image']['writeParms'] = $this->getAvatarList(); @@ -1679,22 +1684,24 @@ class users_admin_ui extends e_admin_ui } // Make Admin. - $text .= " - - ".USRLAN_35." - - ".USRLAN_243." -
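Review bot: Setting `$this->fields[$fld]['inline'] = false` in the `!getperms('4|U0')` branch changes how the list is rendered, but the code that accepts and saves an inline edit is not part of this hunk, so it cannot be confirmed here that such a request is refused for a Quick Add User–only account. It is worth checking that the save path performs its own `getperms('4|U0')` test, and recording the intent above the loop with a comment such as `// Display-only restriction: the inline-edit handler must enforce the same permission.` As a smaller style point, `$val` is never used, so the loop could read `foreach(array_keys($this->fields) as $fld)`. The enclosing method starts and ends outside the hunk.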
- "; - - $text .= $prm->renderPermTable('grouped'); + if(getperms('4|U0')) // Quick Add User access should not be allowed to create new users with escalated perms. + { + $text .= " + + ".USRLAN_35." + + ".USRLAN_243." +
+ "; - $text .= " -
- - - "; + $text .= $prm->renderPermTable('grouped'); + $text .= " +
+ + + "; + } $text .= "
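Review bot: Wrapping the "Make Admin" rows and `$prm->renderPermTable('grouped')` in `if(getperms('4|U0'))` stops the permission table from being drawn, but the code that processes the submitted add-user form lies outside this diff, so nothing visible here shows that a posted permission value is discarded when the submitter holds only Quick Add User access. If the submit handler does not already do this, the assignment of admin permissions there should sit behind the same `if(getperms('4|U0'))` test, so the restriction does not depend on which fields the form happened to contain. The `'4|U0'` literal now appears in both hunks; a short comment at each use, or a single private helper wrapping the check, would keep the two from drifting apart. The enclosing method begins and ends outside the hunk.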