tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

BUGFIX Fixing Member_ProfileForm to validate for existing members via Member_Validator to avoid CMS users to switch to another existing user account by using their email address (from r100704)

Browse Source 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100717 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer 2010-03-09 20:09:09 +00:00 committed by Sam Minnee
parent 1a3225f4f0
commit d61f45ea61
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
security/Member.php
View File

@ -1471,9 +1471,7 @@ class Member_ProfileForm extends Form {
new FormAction('dosave',_t('CMSMain.SAVE'))
);
$validator = new RequiredFields(
);
$validator = new Member_Validator();
parent::__construct($controller, $name, $fields, $actions, $validator);
@ -1481,8 +1479,12 @@ class Member_ProfileForm extends Form {
}
function dosave($data, $form) {
$SQL_data = Convert::raw2sql($data);
// don't allow ommitting or changing the ID
if(!isset($data['ID']) || $data['ID'] != Member::currentUserID()) {
return Director::redirectBack();
}
$SQL_data = Convert::raw2sql($data);
$member = DataObject::get_by_id("Member", $SQL_data['ID']);
if($SQL_data['Locale'] != $member->Locale) {