Skip to content
Permalink
Browse files

Bugfix: Username ist lost when non-admin user changes profile prefere…

…nces

A bug in admin/admin_edit.php creates an empty string for a user's username (and saves that to the database) after the username has been unset because the user is not allowed to change his own username.  The fix prevents this from happening.
  • Loading branch information
bgreiner committed Nov 17, 2015
1 parent a0a4f95 commit a056ecdcaa55dd375687426e00e4ceeba2c4484a
Showing with 3 additions and 2 deletions.
  1. +3 −2 admin/admin_edit.php
@@ -64,8 +64,8 @@
$_REQUEST['password2']="";
}

if ($continue) {
foreach (array('fname','lname','adminname') as $k) $_REQUEST[$k]=trim($_REQUEST[$k]);
if ($continue && isset($_REQUEST['adminname'])) {
$_REQUEST['adminname']=trim($_REQUEST['adminname']);
$pars=array(':adminname'=>$_REQUEST['adminname']);
$query="SELECT admin_id FROM ".table('admin')."
WHERE adminname = :adminname";
@@ -84,6 +84,7 @@
} else unset($_REQUEST['password']);

if (!$admin_id) $admin_id=time();
foreach (array('fname','lname') as $k) $_REQUEST[$k]=trim($_REQUEST[$k]);
$done=orsee_db_save_array($_REQUEST,"admin",$admin_id,"admin_id");
message(lang('changes_saved'));
log__admin("admin_edit",$_REQUEST['adminname']);

0 comments on commit a056ecd

Please sign in to comment.
You can’t perform that action at this time.