Fixed issue: [security] Administrator can self-delete

LimeSurvey · Jun 15, 2023 · 09e4799 · 09e4799
1 parent b4e992a
commit 09e4799
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/application/controllers/UserManagementController.php b/application/controllers/UserManagementController.php
@@ -291,7 +291,7 @@ public function actionDeleteUser()
                 ['errors' => [gT("You do not have permission to access this page.")], 'noButton' => true]
             );
         }
-        $userId = Yii::app()->request->getPost('userid');
+        $userId = (int) Yii::app()->request->getPost('userid');
         if ($userId == Yii::app()->user->id) {
             return App()->getController()->renderPartial('/admin/super/_renderJson', [
                 'data' => [