Update of /cvsroot/php-blog/serendipity/include/admin
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv29339
Modified Files:
personal.inc.php
Log Message:
- Make sure you cannot raise your userlevel
Index: personal.inc.php
===================================================================
RCS file: /cvsroot/php-blog/serendipity/include/admin/personal.inc.php,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- personal.inc.php 30 Nov 2004 20:34:57 -0000 1.3
+++ personal.inc.php 30 Nov 2004 20:41:35 -0000 1.4
@@ -8,13 +8,17 @@
if ( $serendipity['GET']['adminAction'] == 'save' ) {
$u = serendipity_parseTemplate(S9Y_CONFIG_USERTEMPLATE, true);
- foreach($u AS $var) {
- serendipity_set_user_var($var['name'], $_POST[$var['name']], $serendipity['authorid'], true);
- }
- $from = $_POST;
+ if ((int)$_POST['userlevel'] > $serendipity['serendipityUserlevel']) {
+ echo '<div class="serendipityAdminMsgError">' . CREATE_NOT_AUTHORIZED_USERLEVEL . '</div>';
+ } else {
+ foreach($u AS $var) {
+ serendipity_set_user_var($var['name'], $_POST[$var['name']], $serendipity['authorid'], true);
+ }
+ $from = $_POST;
?>
<div class="serendipityAdminMsgSuccess"><?php echo sprintf(MODIFIED_USER, $_POST['username']) ?></div>
-<?php } ?>
+<?php }
+} ?>
<form action="?serendipity[adminModule]=personal&serendipity[adminAction]=save" method="post">
<?php
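Review bot: The added `if` validates `(int)$_POST['userlevel']`, but the loop in the `else` branch still hands the raw `$_POST[$var['name']]` string to `serendipity_set_user_var()`, so the value that passes the check is not necessarily the value that gets stored. Normalising once before the comparison removes that gap, e.g. `$_POST['userlevel'] = (int)$_POST['userlevel'];` placed directly above the `if`, so the loop writes the same integer that was checked. The guard also covers only the `userlevel` key; whether other fields delivered by `S9Y_CONFIG_USERTEMPLATE` are privilege-relevant cannot be seen from this hunk, so an explicit allow-list of self-editable fields would be the safer shape. The file continues outside the hunk, so how the stored value is read back later is not visible here.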