Commit 40cc5d06 authored by Russ Fish's avatar Russ Fish

Fix long-standing bug with admins changing other people's profile info, e.g. email addr.

parent cba27315
...@@ -540,7 +540,7 @@ if (isset($formfields["notes"]) && $formfields["notes"] != "" && ...@@ -540,7 +540,7 @@ if (isset($formfields["notes"]) && $formfields["notes"] != "" &&
$args["notes"] = $formfields["notes"]; $args["notes"] = $formfields["notes"];
} }
if (! ($result = User::ModUserInfo($target_user, $args, $errors))) { if (! ($result = User::ModUserInfo($target_user, $uid, $args, $errors))) {
# Always respit the form so that the form fields are not lost. # Always respit the form so that the form fields are not lost.
# I just hate it when that happens so lets not be guilty of it ourselves. # I just hate it when that happens so lets not be guilty of it ourselves.
SPITFORM($formfields, $errors); SPITFORM($formfields, $errors);
......
...@@ -153,7 +153,7 @@ class User ...@@ -153,7 +153,7 @@ class User
# #
# Class function to change the user profile. # Class function to change the user profile.
# #
function ModUserInfo($target_user, $args, &$errors) { function ModUserInfo($target_user, $uid, $args, &$errors) {
global $suexec_output, $suexec_output_array; global $suexec_output, $suexec_output_array;
# #
...@@ -184,7 +184,10 @@ class User ...@@ -184,7 +184,10 @@ class User
fclose($fp); fclose($fp);
chmod($xmlname, 0666); chmod($xmlname, 0666);
$retval = SUEXEC("nobody", "nobody", "webmoduserinfo $xmlname",
# Invoke the back-end script as the user if an admin for permissions.
$suexec_uid = ISADMIN() ? $uid : "nobody";
$retval = SUEXEC($suexec_uid, "nobody", "webmoduserinfo $xmlname",
SUEXEC_ACTION_IGNORE); SUEXEC_ACTION_IGNORE);
if ($retval) { if ($retval) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment