From d61f45ea61a50e64eabb6b938bcab3b99ef29c00 Mon Sep 17 00:00:00 2001
From: Ingo Schommer
Date: Tue, 9 Mar 2010 20:09:09 +0000
Subject: [PATCH] BUGFIX Fixing Member_ProfileForm to validate for existing members via Member_Validator to avoid CMS users to switch to another existing user account by using their email address (from r100704)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100717 467b73ca-7a2a-4603-9d3b-597d59a354a9
---
 security/Member.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/security/Member.php b/security/Member.php
index 6f89cb3bb..d3bd882f1 100755
--- a/security/Member.php
+++ b/security/Member.php
@@ -1471,9 +1471,7 @@ class Member_ProfileForm extends Form {
 new FormAction('dosave',_t('CMSMain.SAVE'))
 );
- $validator = new RequiredFields(
- );
+ $validator = new Member_Validator();
 parent::__construct($controller, $name, $fields, $actions, $validator);
@@ -1481,8 +1479,12 @@ class Member_ProfileForm extends Form {
 }
 function dosave($data, $form) {
- $SQL_data = Convert::raw2sql($data);
+ // don't allow ommitting or changing the ID
+ if(!isset($data['ID']) || $data['ID'] != Member::currentUserID()) {
+ return Director::redirectBack();
+ }
+ $SQL_data = Convert::raw2sql($data);
 $member = DataObject::get_by_id("Member", $SQL_data['ID']);
 if($SQL_data['Locale'] != $member->Locale) {
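Review bot: The new ID guard in dosave uses loose `!=`, so under PHP's pre-8 comparison rules a submitted ID such as `"5abc"` or `"5 OR 1=1"` compares equal to the integer 5 returned by `Member::currentUserID()` and passes, and that raw string then flows into `DataObject::get_by_id("Member", $SQL_data['ID'])` where `Convert::raw2sql` has only escaped quotes and backslashes — if get_by_id interpolates the ID unquoted (its body is not visible here) this becomes an injection point rather than just a tamper check. Coerce both sides to int before comparing and use the cast value for the lookup: `if(!isset($data['ID']) || (int) $data['ID'] !== (int) Member::currentUserID()) {` and `$member = DataObject::get_by_id("Member", (int) $data['ID']);`. It is also worth rejecting a request with no logged-in member, since if `currentUserID()` yields 0 or null in that case a posted `ID=0` passes the guard and the following lines dereference a null `$member`. The dosave body continues past the end of this hunk.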