[principal edit] Ensure the id is > 0 for us to fetch the record.

As well as causing an unsightly SQL error in the logs this was
actually crashing PHP in some cases.  Also we don't delete the
row unless the ID is > 1, to avoid deleting the admin user by
accident.
Andrew McMillan 2010-09-11 22:50:29 +12:00
parent 19de9d3b01
commit 6115d90cbf


@ -57,7 +57,7 @@ function handle_subaction( $subaction ) {
case 'delete_principal':
dbg_error_log('admin-principal-edit',':handle_action: Deleting principal %d', $id );
if ( $session->AllowedTo('Admin') ) {
if ( $session->CheckConfirmationHash('GET', 'confirm') ) {
if ( isset($id) && $id > 1 && $session->CheckConfirmationHash('GET', 'confirm') ) {
dbg_error_log('admin-principal-edit',':handle_action: Allowed to delete principal %d -%s', $id, $editor->Value('username') );
$qry = new AwlQuery('DELETE FROM dav_principal WHERE principal_id=?', $id );
if ( $qry->Exec() ) {
@ -182,7 +182,7 @@ if ( $can_write_principal && $editor->IsSubmit() ) {
$qry->Exec('admin-principal-edit');
}
}
else {
else if ( isset($id) && $id > 0 ) {
$editor->GetRecord();
if ( $editor->IsSubmit() ) {
$c->messages[] = i18n('You do not have permission to modify this record.');
@ -397,7 +397,7 @@ if ( isset($delete_principal_confirmation_required) ) {
}
if ( isset($id) ) {
if ( isset($id) && $id > 0 ) {
$browser = new Browser(translate('Group Memberships'));
$c->stylesheets[] = 'css/browse.css';
$c->scripts[] = 'js/browse.js';
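Review bot: In the first hunk (the `delete_principal` case of `handle_subaction`), the new `$id > 1` test shares one condition with `CheckConfirmationHash`, so a refused delete of principal 1 takes whatever path a missing confirmation takes. That branch is outside the hunk, but if it re-prompts for confirmation, the administrator gets no indication of why the delete never happens. The literal `1` also carries the whole protection with nothing in the code explaining it; I would test it in its own `if`, with a comment such as `// principal_id 1 is the admin user (see commit message) and must never be deleted` and an explicit `$c->messages[]` entry when the test fails. Because `$id > 1` is a loose comparison and the assignment of `$id` is not visible here, it is worth confirming that `$id` is cast to an integer before this point, so that the guard, the `%d` log line and the query parameter all see the same value. The function body starts and ends outside the hunk.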