Commit c0c172bb authored by Dries's avatar Dries

- Patch #67036 by naudefj and ajk: fixed some warnings.

parent c7ae77cf
......@@ -205,10 +205,12 @@ function user_save($account, $array = array(), $category = 'account') {
db_query("UPDATE {users} SET data = '%s' WHERE uid = %d", serialize($data), $user->uid);
// Save user roles (delete just to be safe).
db_query('DELETE FROM {users_roles} WHERE uid = %d', $array['uid']);
foreach (array_keys($array['roles']) as $rid) {
if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $array['uid'], $rid);
if (is_array($array['roles'])) {
db_query('DELETE FROM {users_roles} WHERE uid = %d', $array['uid']);
foreach (array_keys($array['roles']) as $rid) {
if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $array['uid'], $rid);
}
}
}
......@@ -1236,9 +1238,11 @@ function user_register_submit($form_id, $form_values) {
$mail = $form_values['mail'];
$name = $form_values['name'];
$pass = $admin ? $form_values['pass'] : user_password();
$roles = array_filter($form_values['roles']); // Remove unset roles
$notify = $form_values['notify'];
$from = variable_get('site_mail', ini_get('sendmail_from'));
if (isset($form_values['roles'])) {
$roles = array_filter($form_values['roles']); // Remove unset roles
}
if (!$admin && array_intersect(array_keys($form_values), array('uid', 'roles', 'init', 'session', 'status'))) {
watchdog('security', t('Detected malicious attempt to alter protected user fields.'), WATCHDOG_WARNING);
......
......@@ -205,10 +205,12 @@ function user_save($account, $array = array(), $category = 'account') {
db_query("UPDATE {users} SET data = '%s' WHERE uid = %d", serialize($data), $user->uid);
// Save user roles (delete just to be safe).
db_query('DELETE FROM {users_roles} WHERE uid = %d', $array['uid']);
foreach (array_keys($array['roles']) as $rid) {
if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $array['uid'], $rid);
if (is_array($array['roles'])) {
db_query('DELETE FROM {users_roles} WHERE uid = %d', $array['uid']);
foreach (array_keys($array['roles']) as $rid) {
if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $array['uid'], $rid);
}
}
}
......@@ -1236,9 +1238,11 @@ function user_register_submit($form_id, $form_values) {
$mail = $form_values['mail'];
$name = $form_values['name'];
$pass = $admin ? $form_values['pass'] : user_password();
$roles = array_filter($form_values['roles']); // Remove unset roles
$notify = $form_values['notify'];
$from = variable_get('site_mail', ini_get('sendmail_from'));
if (isset($form_values['roles'])) {
$roles = array_filter($form_values['roles']); // Remove unset roles
}
if (!$admin && array_intersect(array_keys($form_values), array('uid', 'roles', 'init', 'session', 'status'))) {
watchdog('security', t('Detected malicious attempt to alter protected user fields.'), WATCHDOG_WARNING);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment