Commit 4ad8996f authored by Dries's avatar Dries

- Fixed bug in user_save().
- Added "Who's new" block.  I accidentally removed it.
parent 904a6172
......@@ -89,20 +89,6 @@ function user_load($array = array()) {
}
function user_save($account, $array = array()) {
/*
** Validate input fields to make sure users don't submit
** invalid form data.
*/
if (!user_access("administer users")) {
if (array_intersect(array_keys($array), array("rid", "init", "rating", "session"))) {
watchdog("warning", "detected malicious attempt to alter a protected user field");
}
unset($array["rid"], $array["init"], $array["rating"], $array["session"]);
}
/*
** Dynamically compose a SQL query:
*/
......@@ -358,9 +344,21 @@ function user_block() {
$block[1]["info"] = t("Log in");
$block[1]["link"] = drupal_url(array("mod" => "user"), "module");
$block[2]["subject"] = t("Who's new");
$block[2]["info"] = t("Who's new");
$block[2]["content"] = user_new_users();
return $block;
}
function user_new_users() {
$result = db_query("SELECT uid, name FROM users WHERE status != '0' ORDER BY uid DESC LIMIT 5");
while ($account = db_fetch_object($result)) {
$output .= lm((strlen($account->name) > 15 ? substr($account->name, 0, 15) . '...' : $account->name), array("mod" =>user, "op" => "view", "id" => $account->uid)) ."<br />";
}
return $output;
}
function user_link($type) {
if ($type == "page") {
$links[] = lm(t("user account"), array("mod" => "user"), "", array("title" => t("Create a user account, request a new password or edit your account settings.")));
......@@ -890,6 +888,21 @@ function user_edit($edit = array()) {
}
unset($edit["pass1"], $edit["pass2"]);
/*
** Validate input fields to make sure users don't submit
** invalid form data.
*/
if (!user_access("administer users")) {
if (array_intersect(array_keys($edit), array("rid", "init", "rating", "session"))) {
watchdog("warning", "detected malicious attempt to alter a protected database field");
}
$edit["rid"] = $user->rid;
$edit["init"] = $user->init;
$edit["rating"] = $user->rating;
$edit["session"] = $user->session;
}
if (!$error) {
/*
......
......@@ -89,20 +89,6 @@ function user_load($array = array()) {
}
function user_save($account, $array = array()) {
/*
** Validate input fields to make sure users don't submit
** invalid form data.
*/
if (!user_access("administer users")) {
if (array_intersect(array_keys($array), array("rid", "init", "rating", "session"))) {
watchdog("warning", "detected malicious attempt to alter a protected user field");
}
unset($array["rid"], $array["init"], $array["rating"], $array["session"]);
}
/*
** Dynamically compose a SQL query:
*/
......@@ -358,9 +344,21 @@ function user_block() {
$block[1]["info"] = t("Log in");
$block[1]["link"] = drupal_url(array("mod" => "user"), "module");
$block[2]["subject"] = t("Who's new");
$block[2]["info"] = t("Who's new");
$block[2]["content"] = user_new_users();
return $block;
}
function user_new_users() {
$result = db_query("SELECT uid, name FROM users WHERE status != '0' ORDER BY uid DESC LIMIT 5");
while ($account = db_fetch_object($result)) {
$output .= lm((strlen($account->name) > 15 ? substr($account->name, 0, 15) . '...' : $account->name), array("mod" =>user, "op" => "view", "id" => $account->uid)) ."<br />";
}
return $output;
}
function user_link($type) {
if ($type == "page") {
$links[] = lm(t("user account"), array("mod" => "user"), "", array("title" => t("Create a user account, request a new password or edit your account settings.")));
......@@ -890,6 +888,21 @@ function user_edit($edit = array()) {
}
unset($edit["pass1"], $edit["pass2"]);
/*
** Validate input fields to make sure users don't submit
** invalid form data.
*/
if (!user_access("administer users")) {
if (array_intersect(array_keys($edit), array("rid", "init", "rating", "session"))) {
watchdog("warning", "detected malicious attempt to alter a protected database field");
}
$edit["rid"] = $user->rid;
$edit["init"] = $user->init;
$edit["rating"] = $user->rating;
$edit["session"] = $user->session;
}
if (!$error) {
/*
......
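Review bot: With the protected-field filter now placed in user_edit() (third hunk), user_save() appears to accept `rid`, `init`, `rating` and `session` from any caller, so every other path that hands request data to user_save() has to strip them itself. The hunk headers (20 lines down to 6 in user_save(), 6 up to 21 in user_edit()) suggest the block was moved rather than copied, but the +/- markers are lost on this page, so this should be confirmed. If so, consider keeping the filter at the single write point, or at least documenting the contract on user_save(), e.g. `/* Callers must strip rid, init, rating and session from untrusted input before calling user_save(). */`. The new assignments read `$user->rid` and the other fields from `$user`; user_edit() begins outside the hunk, so check that `$user` is declared global there, otherwise the protected fields are overwritten with empty values.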