[aur-dev] [PATCH v3 1/3] Use username from the database if one is provided by the user

Marcel Korpel marcel.korpel at gmail.com
Wed Jul 15 22:56:30 UTC 2015


This fixes a bug where, if the new user name entered by the user was
invalid, the account deletion link and the form action were wrong.

Signed-off-by: Marcel Korpel <marcel.korpel at gmail.com>
---
 web/html/account.php               | 4 ++--
 web/lib/acctfuncs.inc.php          | 8 +++++---
 web/template/account_edit_form.php | 4 ++--
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/web/html/account.php b/web/html/account.php
index c447de3..f5e6c19 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -61,7 +61,7 @@ if (isset($_COOKIE["AURSID"])) {
 					$row["AccountTypeID"], $row["Suspended"], $row["Email"],
 					"", "", $row["RealName"], $row["LangPreference"],
 					$row["IRCNick"], $row["PGPKey"], $PK,
-					$row["InactivityTS"] ? 1 : 0, $row["ID"]);
+					$row["InactivityTS"] ? 1 : 0, $row["ID"], $row["Username"]);
 			} else {
 				print __("You do not have permission to edit this account.");
 			}
@@ -100,7 +100,7 @@ if (isset($_COOKIE["AURSID"])) {
 					in_request("E"), in_request("P"), in_request("C"),
 					in_request("R"), in_request("L"), in_request("I"),
 					in_request("K"), in_request("PK"), in_request("J"),
-					in_request("ID"));
+					in_request("ID"), $row["Username"]);
 		}
 	} else {
 		if (has_credential(CRED_ACCOUNT_SEARCH)) {
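Review bot: `$row["Username"]` on the changed line is the only argument of this `process_account_form` call that does not come from the request, and nothing in the hunk shows where `$row` is loaded for this branch. The account being modified is identified by `in_request("ID")`, so if `$row` is looked up by a different key, the delete link and form action re-rendered after a validation error could name a different account than the one being edited. It is worth confirming that the lookup and the permission check above this hunk use that same ID, and recording it next to the call, for example `/* $row is the account selected by ID above; Username comes from the DB, not the request */`. The enclosing if/else starts and ends outside the hunk.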
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index 2b57b2d..9d6f5ee 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -56,11 +56,12 @@ function html_format_pgp_fingerprint($fingerprint) {
  * @param string $PK The list of SSH public keys
  * @param string $J The inactivity status of the displayed user
  * @param string $UID The user ID of the displayed user
+ * @param string $N The username as present in the database
  *
  * @return void
  */
 function display_account_form($A,$U="",$T="",$S="",$E="",$P="",$C="",$R="",
-		$L="",$I="",$K="",$PK="",$J="", $UID=0) {
+		$L="",$I="",$K="",$PK="",$J="",$UID=0,$N="") {
 	global $SUPPORTED_LANGS;
 
 	include("account_edit_form.php");
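Review bot: The new trailing parameter `$N` defaults to `""`, so a caller of `display_account_form` with `$A == "UpdateAccount"` that this patch does not update will have the included template build the delete link and form action from `get_user_uri("")`. The same default is added to `process_account_form` in the next hunk. If such callers can exist, a guard at the top of the function such as `if ($N === "") { $N = $U; }` would keep the previous behaviour for them. Otherwise the docblock line should state the requirement, e.g. `@param string $N The username as present in the database; used to build the account URIs, required when $A is "UpdateAccount"`. The function body continues outside the hunk.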
@@ -86,11 +87,12 @@ function display_account_form($A,$U="",$T="",$S="",$E="",$P="",$C="",$R="",
  * @param string $PK The list of public SSH keys
  * @param string $J The inactivity status of the user
  * @param string $UID The user ID of the modified account
+ * @param string $N The username as present in the database
  *
  * @return string|void Return void if successful, otherwise return error
  */
 function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",$P="",$C="",
-		$R="",$L="",$I="",$K="",$PK="",$J="",$UID=0) {
+		$R="",$L="",$I="",$K="",$PK="",$J="",$UID=0,$N="") {
 	global $SUPPORTED_LANGS;
 
 	$error = '';
@@ -247,7 +249,7 @@ function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",$P="",$C="",
 	if ($error) {
 		print "<ul class='errorlist'><li>".$error."</li></ul>\n";
 		display_account_form($A, $U, $T, $S, $E, "", "",
-				$R, $L, $I, $K, $PK, $J, $UID);
+				$R, $L, $I, $K, $PK, $J, $UID, $N);
 		return;
 	}
 
diff --git a/web/template/account_edit_form.php b/web/template/account_edit_form.php
index 56bdd45..0aadb9d 100644
--- a/web/template/account_edit_form.php
+++ b/web/template/account_edit_form.php
@@ -1,9 +1,9 @@
 <?php if ($A == "UpdateAccount"): ?>
 <p>
-	<?= __('Click %shere%s if you want to permanently delete this account.', '<a href="' . get_user_uri($U) . 'delete/' . '">', '</a>') ?>
+	<?= __('Click %shere%s if you want to permanently delete this account.', '<a href="' . get_user_uri($N) . 'delete/' . '">', '</a>') ?>
 </p>
 
-<form id="edit-profile-form" action="<?= get_user_uri($U) . 'update/'; ?>" method="post">
+<form id="edit-profile-form" action="<?= get_user_uri($N) . 'update/'; ?>" method="post">
 <?php else: ?>
 <form id="edit-profile-form" action="<?= get_uri('/register/'); ?>" method="post">
 <?php endif; ?>
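Review bot: `get_user_uri($N)` is written into the `href` and `action` attributes on the two changed lines without HTML escaping. Taking the name from the database instead of the request keeps the request-supplied `$U` out of these attributes, but whether `get_user_uri` encodes its argument is not visible here, and the stored username is only as safe as the validation applied when it was saved. Escaping at the point of output, e.g. `htmlspecialchars(get_user_uri($N), ENT_QUOTES)` in both places, keeps the template safe independently of those assumptions.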
-- 
2.4.5

