mbirth/LuckyCoinkydink
Archived
1
0
Fork 0
Code Issues Pull Requests Activity

Fix: Deleting a user throw a token not found error message

Browse Source 
Setting POST['serendipity']['user'] triggers the login routine. When that happens a new session is generated, and afterwards the token check fails.
This commit is contained in:
onli
2021-06-08 23:42:59 +02:00
parent 323860150d
commit e8bb99752f
2 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
include/admin/users.inc.php
View File

@@ -17,7 +17,7 @@ $data = array();
/* Delete a user */ /* Delete a user */
if (isset($_POST['DELETE_YES']) && serendipity_checkFormToken()) { if (isset($_POST['DELETE_YES']) && serendipity_checkFormToken()) {
$data['delete_yes'] = true; $data['delete_yes'] = true;
$user = serendipity_fetchUsers($serendipity['POST']['user']); $user = serendipity_fetchUsers($serendipity['POST']['userid']);
if (($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && $user[0]['userlevel'] >= $serendipity['serendipityUserlevel']) || !serendipity_checkPermission('adminUsersDelete')) { if (($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && $user[0]['userlevel'] >= $serendipity['serendipityUserlevel']) || !serendipity_checkPermission('adminUsersDelete')) {
$data['no_delete_permission'] = true; $data['no_delete_permission'] = true;
$data['no_delete_permission_userlevel'] = false; $data['no_delete_permission_userlevel'] = false;
@@ -32,7 +32,7 @@ if (isset($_POST['DELETE_YES']) && serendipity_checkFormToken()) {
$data['delete_permission'] = true; $data['delete_permission'] = true;
serendipity_deleteAuthor($user[0]['authorid']); serendipity_deleteAuthor($user[0]['authorid']);
serendipity_plugin_api::hook_event('backend_users_delete', $user[0]); serendipity_plugin_api::hook_event('backend_users_delete', $user[0]);
$data['user'] = $serendipity['POST']['user'] ?? null; $data['user'] = $serendipity['POST']['userid'] ?? null;
$data['realname'] = $user[0]['realname'] ?? null; $data['realname'] = $user[0]['realname'] ?? null;
} }
} }
@@ -77,7 +77,7 @@ if (isset($_POST['SAVE_NEW']) && serendipity_checkFormToken()) {
continue; continue;
} }
if (count($_POST[$item['var']]) < 1) { if (count($_POST[$item['var']] ?? []) < 1) {
$data['no_group_selected'] = true; $data['no_group_selected'] = true;
} else { } else {
serendipity_updateGroups($_POST[$item['var']], $serendipity['POST']['user'], false); serendipity_updateGroups($_POST[$item['var']], $serendipity['POST']['user'], false);

4
templates/2k11/admin/users.inc.tpl
View File

@@ -75,9 +75,9 @@
</form> </form>
{else} {else}
{if $delete} {if $delete}
<form action="?serendipity[adminModule]=users" method="post"> <form action="?serendipity[adminModule]=users" method="POST">
{$formToken} {$formToken}
<input name="serendipity[user]" type="hidden" value="{$userid}"> <input name="serendipity[userid]" type="hidden" value="{$userid}">
<div class="users_delete_action"> <div class="users_delete_action">
<h2>{$CONST.MANAGE_USERS}</h2> <h2>{$CONST.MANAGE_USERS}</h2>