Permalink
Browse files

BUGFIX Fixing Member_ProfileForm to validate for existing members via…

… Member_Validator to avoid CMS users to switch to another existing user account by using their email address

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@100704 467b73ca-7a2a-4603-9d3b-597d59a354a9
  • Loading branch information...
1 parent ca27086 commit f4e284a3c1047b0669915839fc080fb8eb718bdf @chillu chillu committed Mar 9, 2010
Showing with 6 additions and 4 deletions.
  1. +6 −4 security/Member.php
View
@@ -1425,18 +1425,20 @@ function __construct($controller, $name, $member) {
new FormAction('dosave',_t('CMSMain.SAVE'))
);
- $validator = new RequiredFields(
-
- );
+ $validator = new Member_Validator();
parent::__construct($controller, $name, $fields, $actions, $validator);
$this->loadDataFrom($member);
}
function dosave($data, $form) {
- $SQL_data = Convert::raw2sql($data);
+ // don't allow ommitting or changing the ID
+ if(!isset($data['ID']) || $data['ID'] != Member::currentUserID()) {
+ return Director::redirectBack();
+ }
+ $SQL_data = Convert::raw2sql($data);
$member = DataObject::get_by_id("Member", $SQL_data['ID']);
if($SQL_data['Locale'] != $member->Locale) {

0 comments on commit f4e284a

Please sign in to comment.