Add self-removal prevention in mod/admin
This commit is contained in:
parent
92556e5161
commit
1501b998fa
|
@ -1780,7 +1780,11 @@ function admin_page_users_post(App $a)
|
||||||
}
|
}
|
||||||
if (x($_POST, 'page_users_delete')) {
|
if (x($_POST, 'page_users_delete')) {
|
||||||
foreach ($users as $uid) {
|
foreach ($users as $uid) {
|
||||||
|
if (local_user() != $uid) {
|
||||||
User::remove($uid);
|
User::remove($uid);
|
||||||
|
} else {
|
||||||
|
notice(L10n::t('You can\'t remove yourself'));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
notice(L10n::tt("%s user deleted", "%s users deleted", count($users)));
|
notice(L10n::tt("%s user deleted", "%s users deleted", count($users)));
|
||||||
}
|
}
|
||||||
|
@ -1825,11 +1829,15 @@ function admin_page_users(App $a)
|
||||||
}
|
}
|
||||||
switch ($a->argv[2]) {
|
switch ($a->argv[2]) {
|
||||||
case "delete":
|
case "delete":
|
||||||
|
if (local_user() != $uid) {
|
||||||
BaseModule::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
|
BaseModule::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
|
||||||
// delete user
|
// delete user
|
||||||
User::remove($uid);
|
User::remove($uid);
|
||||||
|
|
||||||
notice(L10n::t("User '%s' deleted", $user['username']) . EOL);
|
notice(L10n::t("User '%s' deleted", $user['username']));
|
||||||
|
} else {
|
||||||
|
notice(L10n::t('You can\'t remove yourself'));
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
case "block":
|
case "block":
|
||||||
BaseModule::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
|
BaseModule::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
|
||||||
|
|
Loading…
Reference in a new issue