Fixed a user potentially being able to delete themselves if they real…

…ly really wanted to. #282
bigtreecms · May 25, 2017 · f789970 · f789970
1 parent c17d09b
commit f789970
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/core/inc/bigtree/admin.php b/core/inc/bigtree/admin.php
@@ -2303,7 +2303,8 @@ function deleteUser($id) {
 			$id = sqlescape($id);
 			// If this person has higher access levels than the person trying to update them, fail.
 			$current = static::getUser($id);
-			if ($current["level"] > $this->Level) {
+
+			if ($current["level"] > $this->Level || $id == $this->ID) {
 				return false;
 			}