mbirth/LuckyCoinkydink
1
0
Fork 0
Code Issues Pull Requests Activity

Fix: Deleting a user throw a token not found error message

Browse Source 
Setting POST['serendipity']['user'] triggers the login routine. When that happens a new session is generated, and afterwards the token check fails.
This commit is contained in:
onli 2021-06-08 23:42:59 +02:00
parent 323860150d
commit e8bb99752f
2 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
include/admin/users.inc.php
View File

@ -17,7 +17,7 @@ $data = array();
/* Delete a user */
if (isset($_POST['DELETE_YES']) && serendipity_checkFormToken()) {
$data['delete_yes'] = true;
$user = serendipity_fetchUsers($serendipity['POST']['user']);
$user = serendipity_fetchUsers($serendipity['POST']['userid']);
if (($serendipity['serendipityUserlevel'] < USERLEVEL_ADMIN && $user[0]['userlevel'] >= $serendipity['serendipityUserlevel']) || !serendipity_checkPermission('adminUsersDelete')) {
$data['no_delete_permission'] = true;
$data['no_delete_permission_userlevel'] = false;
@ -32,7 +32,7 @@ if (isset($_POST['DELETE_YES']) && serendipity_checkFormToken()) {
$data['delete_permission'] = true;
serendipity_deleteAuthor($user[0]['authorid']);
serendipity_plugin_api::hook_event('backend_users_delete', $user[0]);
$data['user'] = $serendipity['POST']['user'] ?? null;
$data['user'] = $serendipity['POST']['userid'] ?? null;
$data['realname'] = $user[0]['realname'] ?? null;
}
}
@ -77,7 +77,7 @@ if (isset($_POST['SAVE_NEW']) && serendipity_checkFormToken()) {
continue;
}
if (count($_POST[$item['var']]) < 1) {
if (count($_POST[$item['var']] ?? []) < 1) {
$data['no_group_selected'] = true;
} else {
serendipity_updateGroups($_POST[$item['var']], $serendipity['POST']['user'], false);

4
templates/2k11/admin/users.inc.tpl
View File

@ -75,9 +75,9 @@
</form>
{else}
{if $delete}
<form action="?serendipity[adminModule]=users" method="post">
<form action="?serendipity[adminModule]=users" method="POST">
{$formToken}
<input name="serendipity[user]" type="hidden" value="{$userid}">
<input name="serendipity[userid]" type="hidden" value="{$userid}">
<div class="users_delete_action">
<h2>{$CONST.MANAGE_USERS}</h2>