mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-08-04 05:37:32 +02:00
Code Issues Releases Wiki Activity

Fixes #5045 - Removed inline editing for when only "Quick Add User" has been granted, and removed adding of admin perms to avoid access escalation.

Browse Source
This commit is contained in:
camer0n
2023-08-22 12:51:23 -07:00
parent 9949a297f6
commit abf94d0310
1 changed files with 22 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
e107_admin/users.php
View File

@@ -420,6 +420,11 @@ class users_admin_ui extends e_admin_ui
{
unset($this->fields['checkboxes']);
unset($this->fields['options']);
foreach($this->fields as $fld=>$val)
{
$this->fields[$fld]['inline'] = false;
}
}
$this->fields['user_image']['writeParms'] = $this->getAvatarList();
@@ -1679,6 +1684,8 @@ class users_admin_ui extends e_admin_ui
}
// Make Admin.
if(getperms('4|U0')) // Quick Add User access should not be allowed to create new users with escalated perms.
{
$text .= "
<tr>
<td>".USRLAN_35."</td>
@@ -1694,7 +1701,7 @@ class users_admin_ui extends e_admin_ui
</td>
</tr>
";
}
$text .= "