This fixes a bug where the new user name input by the user was invalid, causing the account deletion link and the form action to be wrong. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> --- web/html/account.php | 4 ++-- web/lib/acctfuncs.inc.php | 8 +++++--- web/template/account_edit_form.php | 4 ++-- 3 files changed, 9 insertions(+), 7 deletions(-) diff --git a/web/html/account.php b/web/html/account.php index c447de3..f5e6c19 100644 --- a/web/html/account.php +++ b/web/html/account.php @@ -61,7 +61,7 @@ if (isset($_COOKIE["AURSID"])) { $row["AccountTypeID"], $row["Suspended"], $row["Email"], "", "", $row["RealName"], $row["LangPreference"], $row["IRCNick"], $row["PGPKey"], $PK, - $row["InactivityTS"] ? 1 : 0, $row["ID"]); + $row["InactivityTS"] ? 1 : 0, $row["ID"], $row["Username"]); } else { print __("You do not have permission to edit this account."); } @@ -100,7 +100,7 @@ if (isset($_COOKIE["AURSID"])) { in_request("E"), in_request("P"), in_request("C"), in_request("R"), in_request("L"), in_request("I"), in_request("K"), in_request("PK"), in_request("J"), - in_request("ID")); + in_request("ID"), $row["Username"]); } } else { if (has_credential(CRED_ACCOUNT_SEARCH)) { diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index edd38ee..b5dc51d 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -56,11 +56,12 @@ function html_format_pgp_fingerprint($fingerprint) { * @param string $PK The list of SSH public keys * @param string $J The inactivity status of the displayed user * @param string $UID The user ID of the displayed user + * @param string $N The username as present in the database * * @return void */ function display_account_form($A,$U="",$T="",$S="",$E="",$P="",$C="",$R="", - $L="",$I="",$K="",$PK="",$J="", $UID=0) { + $L="",$I="",$K="",$PK="",$J="",$UID=0,$N="") { global $SUPPORTED_LANGS; include("account_edit_form.php"); @@ -86,11 +87,12 @@ function display_account_form($A,$U="",$T="",$S="",$E="",$P="",$C="",$R="", * @param string $PK The list of public SSH keys * @param string $J The inactivity status of the user * @param string $UID The user ID of the modified account + * @param string $N The username as present in the database * * @return string|void Return void if successful, otherwise return error */ function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",$P="",$C="", - $R="",$L="",$I="",$K="",$PK="",$J="",$UID=0) { + $R="",$L="",$I="",$K="",$PK="",$J="",$UID=0,$N="") { global $SUPPORTED_LANGS; $error = ''; @@ -247,7 +249,7 @@ function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",$P="",$C="", if ($error) { print "<ul class='errorlist'><li>".$error."</li></ul>\n"; display_account_form($A, $U, $T, $S, $E, "", "", - $R, $L, $I, $K, $PK, $J, $UID); + $R, $L, $I, $K, $PK, $J, $UID, $N); return; } diff --git a/web/template/account_edit_form.php b/web/template/account_edit_form.php index 56bdd45..0aadb9d 100644 --- a/web/template/account_edit_form.php +++ b/web/template/account_edit_form.php @@ -1,9 +1,9 @@ <?php if ($A == "UpdateAccount"): ?> <p> - <?= __('Click %shere%s if you want to permanently delete this account.', '<a href="' . get_user_uri($U) . 'delete/' . '">', '</a>') ?> + <?= __('Click %shere%s if you want to permanently delete this account.', '<a href="' . get_user_uri($N) . 'delete/' . '">', '</a>') ?> </p> -<form id="edit-profile-form" action="<?= get_user_uri($U) . 'update/'; ?>" method="post"> +<form id="edit-profile-form" action="<?= get_user_uri($N) . 'update/'; ?>" method="post"> <?php else: ?> <form id="edit-profile-form" action="<?= get_uri('/register/'); ?>" method="post"> <?php endif; ?> -- 2.4.5