From 1501b998fadd2aee398440ab8b0835c417d2918f Mon Sep 17 00:00:00 2001
From: Hypolite Petovan
Date: Sat, 24 Nov 2018 20:59:38 -0500
Subject: [PATCH] Add self-removal prevention in mod/admin
---
 mod/admin.php | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/mod/admin.php b/mod/admin.php
index 5bf55423e5..2a703cb413 100644
--- a/mod/admin.php
+++ b/mod/admin.php
@@ -1780,7 +1780,11 @@ function admin_page_users_post(App $a)
 }
 if (x($_POST, 'page_users_delete')) {
 foreach ($users as $uid) {
- User::remove($uid);
+ if (local_user() != $uid) {
+ User::remove($uid);
+ } else {
+ notice(L10n::t('You can\'t remove yourself'));
+ }
 }
 notice(L10n::tt("%s user deleted", "%s users deleted", count($users)));
 }
@@ -1825,11 +1829,15 @@ function admin_page_users(App $a)
 }
 switch ($a->argv[2]) {
 case "delete":
- BaseModule::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
- // delete user
- User::remove($uid);
+ if (local_user() != $uid) {
+ BaseModule::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
+ // delete user
+ User::remove($uid);

- notice(L10n::t("User '%s' deleted", $user['username']) . EOL);
+ notice(L10n::t("User '%s' deleted", $user['username']));
+ } else {
+ notice(L10n::t('You can\'t remove yourself'));
+ }
 break;
 case "block":
 BaseModule::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');
-- 
2.39.5
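Review bot: The summary notice after the loop in the first hunk still uses `count($users)`, so when the admin's own uid is among the selected ids the page reports one more deletion than actually happened, right next to the "You can't remove yourself" notice. Counting inside the guarded branch fixes it: set `$deleted = 0;` before the `foreach`, add `$deleted++;` after `User::remove($uid);`, and pass `$deleted` to `L10n::tt()` instead of `count($users)`. The guard itself compares with a loose `!=`, here and in the `delete` case of the second hunk; where `$uid` comes from is outside both hunks, but if it is a raw request string the outcome depends on PHP's numeric-string juggling, so casting it to int once and comparing with `!==` would make the check explicit. The body of admin_page_users_post starts and ends outside the hunk.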
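Review bot: In the `delete` case of the second hunk the self-check now runs before `BaseModule::checkFormSecurityTokenRedirectOnError(...)`, so a request naming the admin's own uid is answered without the form token ever being validated. Nothing is deleted on that path, but keeping the token check as the first statement of the case, as the `block` case just below does, means every state-changing request is treated the same way and a later edit to the else branch cannot skip validation by accident. Concretely, move the `BaseModule::checkFormSecurityTokenRedirectOnError('/admin/users', 'admin_users', 't');` line above `if (local_user() != $uid) {`. The switch and the rest of admin_page_users continue outside the hunk.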