Don't let non-admin users do admin tasks

master
steveminutillo@gmail.com 2011-05-24 01:25:42 +00:00 committed by Vitaliy Filippov
parent 4a68c2889f
commit a74caf18d2
1 changed files with 2 additions and 3 deletions


@ -172,7 +172,7 @@ if(isset($_POST['changepassword']))
}
}
if(isset($_POST['adduser']) && $_POST['username'] && $_POST['password'])
if(fof_is_admin() && isset($_POST['adduser']) && $_POST['username'] && $_POST['password'])
{
$username = $_POST['username'];
$password = $_POST['password'];
@ -181,8 +181,7 @@ if(isset($_POST['adduser']) && $_POST['username'] && $_POST['password'])
$message = "User '$username' added.";
}
if(isset($_POST['deleteuser']) && $_POST['username'])
if(fof_is_admin() && isset($_POST['deleteuser']) && $_POST['username'])
{
$username = $_POST['username'];