- Patch #41305 by chx: user edit form submit model rewrite.
parent
8b0461940d
commit
d21dda89b3
@ -1259,25 +1259,7 @@ function user_edit($category = 'account') {
|
|||
$account = user_load(array('uid' => arg(1)));
|
||||
$edit = $_POST['op'] ? $_POST['edit'] : object2array($account);
|
||||
|
||||
if ($_POST['op'] == t('Submit')) {
|
||||
user_module_invoke('validate', $edit, $account, $category);
|
||||
|
||||
if (!form_get_errors()) {
|
||||
// Validate input to ensure that non-privileged users can't alter protected data.
|
||||
if ((!user_access('administer users') && array_intersect(array_keys($edit), array('uid', 'init', 'session'))) ||
|
||||
(!user_access('administer access control') && isset($edit['roles']))) {
|
||||
watchdog('security', t('Detected malicious attempt to alter protected user fields.'), WATCHDOG_WARNING);
|
||||
}
|
||||
else {
|
||||
user_save($account, $edit, $category);
|
||||
// Delete that user's menu cache.
|
||||
cache_clear_all('menu:'. $account->uid, TRUE);
|
||||
drupal_set_message(t('The changes have been saved.'));
|
||||
drupal_goto("user/$account->uid");
|
||||
}
|
||||
}
|
||||
}
|
||||
else if (arg(2) == 'delete') {
|
||||
if (arg(2) == 'delete') {
|
||||
if ($edit['confirm']) {
|
||||
db_query('DELETE FROM {users} WHERE uid = %d', $account->uid);
|
||||
db_query('DELETE FROM {sessions} WHERE uid = %d', $account->uid);
|
||||
|
@ -1297,6 +1279,8 @@ function user_edit($category = 'account') {
|
|||
}
|
||||
|
||||
$form = _user_forms($edit, $account, $category);
|
||||
$form['_category'] = array('#type' => 'value', '#value' => $category);
|
||||
$form['_account'] = array('#type' => 'value', '#value' => $account);
|
||||
$form['submit'] = array('#type' => 'submit', '#value' => t('Submit'), '#weight' => 30);
|
||||
if (user_access('administer users')) {
|
||||
$form['delete'] = array('#type' => 'submit', '#value' => t('Delete'), '#weight' => 31);
|
||||
|
@ -1307,6 +1291,26 @@ function user_edit($category = 'account') {
|
|||
return drupal_get_form('user_edit', $form);
|
||||
}
|
||||
|
||||
function user_edit_validate($form_id, $form_values) {
|
||||
user_module_invoke('validate', $form_values, $form_values['_account'], $form_values['_category']);
|
||||
// Validate input to ensure that non-privileged users can't alter protected data.
|
||||
if ((!user_access('administer users') && array_intersect(array_keys($form_values), array('uid', 'init', 'session'))) || (!user_access('administer access control') && isset($form_values['roles']))) {
|
||||
$message = t('Detected malicious attempt to alter protected user fields.');
|
||||
watchdog('security', $message, WATCHDOG_WARNING);
|
||||
// set this to a value type field
|
||||
form_set_error('category', $message);
|
||||
}
|
||||
}
|
||||
|
||||
function user_edit_submit($form_id, $form_values) {
|
||||
$account = $form_values['_account'];
|
||||
user_save($account, $form_values, $form_values['_category']);
|
||||
// Delete that user's menu cache.
|
||||
cache_clear_all('menu:'. $account->uid, TRUE);
|
||||
drupal_set_message(t('The changes have been saved.'));
|
||||
drupal_goto('user/'. $account->uid);
|
||||
}
|
||||
|
||||
function user_view($uid = 0) {
|
||||
global $user;
|
||||
|
||||
|
@ -1920,7 +1924,7 @@ function _user_forms(&$edit, $account, $category, $hook = 'form') {
|
|||
$groups = array_merge($data, $groups);
|
||||
}
|
||||
}
|
||||
usort($groups, '_user_sort');
|
||||
uasort($groups, '_user_sort');
|
||||
|
||||
return empty($groups) ? FALSE : $groups;
|
||||
}
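Review bot: In user_edit_submit, `user_save($account, $form_values, $form_values['_category'])` passes the whole form values array to user_save, which the user_edit hunk shows now carries `_account` (the loaded user object), `_category` and the submit/delete button values, whereas the old code passed only `$_POST['edit']`. If user_save persists keys it does not recognise into the user's serialized data (user_save is not visible here, so this is inferred), the loaded account object and the category name are written back into the user record on every save, so the bookkeeping keys should be stripped first: `unset($form_values['_account'], $form_values['_category'], $form_values['submit'], $form_values['delete'], $form_values['op']);`. The same applies to the `user_module_invoke('validate', $form_values, ...)` call in user_edit_validate, which now exposes those keys to every module's validate hook. Separately, user_edit_validate calls `form_set_error('category', $message)` while the value element is named `_category`, so the error is attached to a name no element has; the `// set this to a value type field` comment should be resolved rather than shipped as a TODO. The section is rendered a second time below and the same points apply there.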
|
||||
|
@ -1259,25 +1259,7 @@ function user_edit($category = 'account') {
|
|||
$account = user_load(array('uid' => arg(1)));
|
||||
$edit = $_POST['op'] ? $_POST['edit'] : object2array($account);
|
||||
|
||||
if ($_POST['op'] == t('Submit')) {
|
||||
user_module_invoke('validate', $edit, $account, $category);
|
||||
|
||||
if (!form_get_errors()) {
|
||||
// Validate input to ensure that non-privileged users can't alter protected data.
|
||||
if ((!user_access('administer users') && array_intersect(array_keys($edit), array('uid', 'init', 'session'))) ||
|
||||
(!user_access('administer access control') && isset($edit['roles']))) {
|
||||
watchdog('security', t('Detected malicious attempt to alter protected user fields.'), WATCHDOG_WARNING);
|
||||
}
|
||||
else {
|
||||
user_save($account, $edit, $category);
|
||||
// Delete that user's menu cache.
|
||||
cache_clear_all('menu:'. $account->uid, TRUE);
|
||||
drupal_set_message(t('The changes have been saved.'));
|
||||
drupal_goto("user/$account->uid");
|
||||
}
|
||||
}
|
||||
}
|
||||
else if (arg(2) == 'delete') {
|
||||
if (arg(2) == 'delete') {
|
||||
if ($edit['confirm']) {
|
||||
db_query('DELETE FROM {users} WHERE uid = %d', $account->uid);
|
||||
db_query('DELETE FROM {sessions} WHERE uid = %d', $account->uid);
|
||||
|
@ -1297,6 +1279,8 @@ function user_edit($category = 'account') {
|
|||
}
|
||||
|
||||
$form = _user_forms($edit, $account, $category);
|
||||
$form['_category'] = array('#type' => 'value', '#value' => $category);
|
||||
$form['_account'] = array('#type' => 'value', '#value' => $account);
|
||||
$form['submit'] = array('#type' => 'submit', '#value' => t('Submit'), '#weight' => 30);
|
||||
if (user_access('administer users')) {
|
||||
$form['delete'] = array('#type' => 'submit', '#value' => t('Delete'), '#weight' => 31);
|
||||
|
@ -1307,6 +1291,26 @@ function user_edit($category = 'account') {
|
|||
return drupal_get_form('user_edit', $form);
|
||||
}
|
||||
|
||||
function user_edit_validate($form_id, $form_values) {
|
||||
user_module_invoke('validate', $form_values, $form_values['_account'], $form_values['_category']);
|
||||
// Validate input to ensure that non-privileged users can't alter protected data.
|
||||
if ((!user_access('administer users') && array_intersect(array_keys($form_values), array('uid', 'init', 'session'))) || (!user_access('administer access control') && isset($form_values['roles']))) {
|
||||
$message = t('Detected malicious attempt to alter protected user fields.');
|
||||
watchdog('security', $message, WATCHDOG_WARNING);
|
||||
// set this to a value type field
|
||||
form_set_error('category', $message);
|
||||
}
|
||||
}
|
||||
|
||||
function user_edit_submit($form_id, $form_values) {
|
||||
$account = $form_values['_account'];
|
||||
user_save($account, $form_values, $form_values['_category']);
|
||||
// Delete that user's menu cache.
|
||||
cache_clear_all('menu:'. $account->uid, TRUE);
|
||||
drupal_set_message(t('The changes have been saved.'));
|
||||
drupal_goto('user/'. $account->uid);
|
||||
}
|
||||
|
||||
function user_view($uid = 0) {
|
||||
global $user;
|
||||
|
||||
|
@ -1920,7 +1924,7 @@ function _user_forms(&$edit, $account, $category, $hook = 'form') {
|
|||
$groups = array_merge($data, $groups);
|
||||
}
|
||||
}
|
||||
usort($groups, '_user_sort');
|
||||
uasort($groups, '_user_sort');
|
||||
|
||||
return empty($groups) ? FALSE : $groups;
|
||||
}
|
||||
|