Explicitly don't allow editing the Anonymous user's account (wasn't possible before either)
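--- a/public_html/admin/user.php
+++ b/public_html/admin/user.php
@@ -462,8 +462,10 @@
 $retval = '';
 $userChanged = false;
 
-if ($_USER_VERBOSE) COM_errorLog("**** entering saveusers****",1);
-if ($_USER_VERBOSE) COM_errorLog("group size at beginning = " . count($groups),1);
+if ($_USER_VERBOSE) {
+COM_errorLog("**** entering saveusers****", 1);
+COM_errorLog("group size at beginning = " . count($groups), 1);
+}
 
 if ($passwd != $passwd_conf) { // passwords don't match
 return edituser($uid, 67);
@@ -695,7 +697,9 @@
 exit;
 }
 
-if ($_USER_VERBOSE) COM_errorLog("***************leaving saveusers*****************",1);
+if ($_USER_VERBOSE) {
+COM_errorLog("***************leaving saveusers*****************", 1);
+}
 
 return $retval;
 }
@@ -1251,6 +1255,7 @@
 } else {
 COM_accessLog("User {$_USER['username']} tried to illegally delete user $uid and failed CSRF checks.");
 echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
+exit;
 }
 } elseif (($mode == $LANG_ADMIN['save']) && !empty($LANG_ADMIN['save']) && SEC_checkToken()) { // save
 $delphoto = '';
@@ -1263,29 +1268,39 @@
 if (!isset ($_POST['userstatus'])) {
 $_POST['userstatus'] = USER_ACCOUNT_ACTIVE;
 }
-$display = saveusers (COM_applyFilter ($_POST['uid'], true),
-$_POST['username'], $_POST['fullname'],
-$_POST['passwd'], $_POST['passwd_conf'], $_POST['email'],
-$_POST['regdate'], $_POST['homepage'], $_POST['groups'],
-$delphoto, $_POST['userstatus'], $_POST['oldstatus']);
-if (!empty($display)) {
-$tmp = COM_siteHeader('menu', $LANG28[22]);
-$tmp .= $display;
-$tmp .= COM_siteFooter();
-$display = $tmp;
+$uid = COM_applyFilter($_POST['uid'], true);
+if ($uid == 1) {
+echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
+exit;
+} else {
+$display = saveusers($uid, $_POST['username'], $_POST['fullname'],
+$_POST['passwd'], $_POST['passwd_conf'], $_POST['email'],
+$_POST['regdate'], $_POST['homepage'], $_POST['groups'],
+$delphoto, $_POST['userstatus'], $_POST['oldstatus']);
+if (!empty($display)) {
+$tmp = COM_siteHeader('menu', $LANG28[22]);
+$tmp .= $display;
+$tmp .= COM_siteFooter();
+$display = $tmp;
+}
 }
 } elseif ($mode == 'edit') {
 $display .= COM_siteHeader('menu', $LANG28[1]);
 $msg = '';
-if (isset ($_GET['msg'])) {
-$msg = COM_applyFilter ($_GET['msg'], true);
+if (isset($_GET['msg'])) {
+$msg = COM_applyFilter($_GET['msg'], true);
 }
 $uid = '';
-if (isset ($_GET['uid'])) {
-$uid = COM_applyFilter ($_GET['uid'], true);
+if (isset($_GET['uid'])) {
+$uid = COM_applyFilter($_GET['uid'], true);
 }
-$display .= edituser ($uid, $msg);
-$display .= COM_siteFooter();
+if ($uid == 1) {
+echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
+exit;
+} else {
+$display .= edituser($uid, $msg);
+$display .= COM_siteFooter();
+}
 } elseif (($mode == 'import') && SEC_checkToken()) {
 $display .= importusers();
 } elseif ($mode == 'importform') {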
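Review bot: The new `$uid == 1` guards in the save branch and the edit branch redirect silently, whereas the neighbouring CSRF-failure branch of the delete path records the attempt with COM_accessLog; an administrator request aimed at the Anonymous account should leave the same trace, e.g. `COM_accessLog("User {$_USER['username']} tried to edit the Anonymous user (uid 1).");` immediately before each `echo COM_refresh(...)`. The comparison is loose; COM_applyFilter presumably returns an int when its second argument is true, but a strict `(int) $uid === 1` would document that expectation and not depend on PHP's string-to-number rules in the edit branch, where `$uid` defaults to `''`. The `else` after `exit;` is redundant in both places and the following code could be dedented. The mode-dispatch if/elseif chain these branches belong to starts and ends outside the hunk.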