BUGFIX Fixing Member_ProfileForm to validate for existing members via Member_Validator to avoid CMS users to switch to another existing user account by using their email address (from r100704)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100717 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer 2010-03-09 20:09:09 +00:00 committed by Sam Minnee
parent 1a3225f4f0
commit d61f45ea61

View File

@ -1471,9 +1471,7 @@ class Member_ProfileForm extends Form {
new FormAction('dosave',_t('CMSMain.SAVE')) new FormAction('dosave',_t('CMSMain.SAVE'))
); );
$validator = new RequiredFields( $validator = new Member_Validator();
);
parent::__construct($controller, $name, $fields, $actions, $validator); parent::__construct($controller, $name, $fields, $actions, $validator);
@ -1481,8 +1479,12 @@ class Member_ProfileForm extends Form {
} }
function dosave($data, $form) { function dosave($data, $form) {
$SQL_data = Convert::raw2sql($data); // don't allow ommitting or changing the ID
if(!isset($data['ID']) || $data['ID'] != Member::currentUserID()) {
return Director::redirectBack();
}
$SQL_data = Convert::raw2sql($data);
$member = DataObject::get_by_id("Member", $SQL_data['ID']); $member = DataObject::get_by_id("Member", $SQL_data['ID']);
if($SQL_data['Locale'] != $member->Locale) { if($SQL_data['Locale'] != $member->Locale) {