Skip to content
Permalink
Browse files

Fixed a user potentially being able to delete themselves if they real…

…ly really wanted to.

#282
  • Loading branch information...
timbuckingham committed May 25, 2017
1 parent c17d09b commit f7899701d7be91b7dc546b65e44a27b668eb3b76
Showing with 2 additions and 1 deletion.
  1. +2 −1 core/inc/bigtree/admin.php
@@ -2303,7 +2303,8 @@ function deleteUser($id) {
$id = sqlescape($id);
// If this person has higher access levels than the person trying to update them, fail.
$current = static::getUser($id);
if ($current["level"] > $this->Level) {
if ($current["level"] > $this->Level || $id == $this->ID) {
return false;
}

0 comments on commit f789970

Please sign in to comment.
You can’t perform that action at this time.