Add self-removal prevention in mod/admin

This commit is contained in:
Hypolite Petovan 2018-11-24 20:59:38 -05:00
parent 92556e5161
commit 1501b998fa

View file

@ -1780,7 +1780,11 @@ function admin_page_users_post(App $a)
} }
if (x($_POST, 'page_users_delete')) { if (x($_POST, 'page_users_delete')) {
foreach ($users as $uid) { foreach ($users as $uid) {
User::remove($uid); if (local_user() != $uid) {
User::remove($uid);
} else {
notice(L10n::t('You can\'t remove yourself'));
}
} }
notice(L10n::tt("%s user deleted", "%s users deleted", count($users))); notice(L10n::tt("%s user deleted", "%s users deleted", count($users)));
} }
@ -1825,11 +1829,15 @@ function admin_page_users(App $a)
} }
switch ($a->argv[2]) { switch ($a->argv[2]) {
case "delete": case "delete":
BaseModule::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't'); if (local_user() != $uid) {
// delete user BaseModule::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
User::remove($uid); // delete user
User::remove($uid);
notice(L10n::t("User '%s' deleted", $user['username']) . EOL); notice(L10n::t("User '%s' deleted", $user['username']));
} else {
notice(L10n::t('You can\'t remove yourself'));
}
break; break;
case "block": case "block":
BaseModule::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't'); BaseModule::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');