tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity

BUGFIX Fixing Member_ProfileForm to validate for existing members via Member_Validator to avoid CMS users to switch to another existing user account by using their email address

Browse Source 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@100704 467b73ca-7a2a-4603-9d3b-597d59a354a9
This commit is contained in:
Ingo Schommer 2010-03-09 04:08:52 +00:00
parent ca27086c84
commit f4e284a3c1
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
security/Member.php
View File

@ -1425,9 +1425,7 @@ class Member_ProfileForm extends Form {
new FormAction('dosave',_t('CMSMain.SAVE'))
);
$validator = new RequiredFields(
);
$validator = new Member_Validator();
parent::__construct($controller, $name, $fields, $actions, $validator);
@ -1435,8 +1433,12 @@ class Member_ProfileForm extends Form {
}
function dosave($data, $form) {
$SQL_data = Convert::raw2sql($data);
// don't allow ommitting or changing the ID
if(!isset($data['ID']) || $data['ID'] != Member::currentUserID()) {
return Director::redirectBack();
}
$SQL_data = Convert::raw2sql($data);
$member = DataObject::get_by_id("Member", $SQL_data['ID']);
if($SQL_data['Locale'] != $member->Locale) {