Commit c0c172bb authored by Dries's avatar Dries
Browse files

- Patch #67036 by naudefj and ajk: fixed some warnings.

parent c7ae77cf
...@@ -205,10 +205,12 @@ function user_save($account, $array = array(), $category = 'account') { ...@@ -205,10 +205,12 @@ function user_save($account, $array = array(), $category = 'account') {
db_query("UPDATE {users} SET data = '%s' WHERE uid = %d", serialize($data), $user->uid); db_query("UPDATE {users} SET data = '%s' WHERE uid = %d", serialize($data), $user->uid);
// Save user roles (delete just to be safe). // Save user roles (delete just to be safe).
db_query('DELETE FROM {users_roles} WHERE uid = %d', $array['uid']); if (is_array($array['roles'])) {
foreach (array_keys($array['roles']) as $rid) { db_query('DELETE FROM {users_roles} WHERE uid = %d', $array['uid']);
if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) { foreach (array_keys($array['roles']) as $rid) {
db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $array['uid'], $rid); if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $array['uid'], $rid);
}
} }
} }
...@@ -1236,9 +1238,11 @@ function user_register_submit($form_id, $form_values) { ...@@ -1236,9 +1238,11 @@ function user_register_submit($form_id, $form_values) {
$mail = $form_values['mail']; $mail = $form_values['mail'];
$name = $form_values['name']; $name = $form_values['name'];
$pass = $admin ? $form_values['pass'] : user_password(); $pass = $admin ? $form_values['pass'] : user_password();
$roles = array_filter($form_values['roles']); // Remove unset roles
$notify = $form_values['notify']; $notify = $form_values['notify'];
$from = variable_get('site_mail', ini_get('sendmail_from')); $from = variable_get('site_mail', ini_get('sendmail_from'));
if (isset($form_values['roles'])) {
$roles = array_filter($form_values['roles']); // Remove unset roles
}
if (!$admin && array_intersect(array_keys($form_values), array('uid', 'roles', 'init', 'session', 'status'))) { if (!$admin && array_intersect(array_keys($form_values), array('uid', 'roles', 'init', 'session', 'status'))) {
watchdog('security', t('Detected malicious attempt to alter protected user fields.'), WATCHDOG_WARNING); watchdog('security', t('Detected malicious attempt to alter protected user fields.'), WATCHDOG_WARNING);
......
...@@ -205,10 +205,12 @@ function user_save($account, $array = array(), $category = 'account') { ...@@ -205,10 +205,12 @@ function user_save($account, $array = array(), $category = 'account') {
db_query("UPDATE {users} SET data = '%s' WHERE uid = %d", serialize($data), $user->uid); db_query("UPDATE {users} SET data = '%s' WHERE uid = %d", serialize($data), $user->uid);
// Save user roles (delete just to be safe). // Save user roles (delete just to be safe).
db_query('DELETE FROM {users_roles} WHERE uid = %d', $array['uid']); if (is_array($array['roles'])) {
foreach (array_keys($array['roles']) as $rid) { db_query('DELETE FROM {users_roles} WHERE uid = %d', $array['uid']);
if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) { foreach (array_keys($array['roles']) as $rid) {
db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $array['uid'], $rid); if (!in_array($rid, array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID))) {
db_query('INSERT INTO {users_roles} (uid, rid) VALUES (%d, %d)', $array['uid'], $rid);
}
} }
} }
...@@ -1236,9 +1238,11 @@ function user_register_submit($form_id, $form_values) { ...@@ -1236,9 +1238,11 @@ function user_register_submit($form_id, $form_values) {
$mail = $form_values['mail']; $mail = $form_values['mail'];
$name = $form_values['name']; $name = $form_values['name'];
$pass = $admin ? $form_values['pass'] : user_password(); $pass = $admin ? $form_values['pass'] : user_password();
$roles = array_filter($form_values['roles']); // Remove unset roles
$notify = $form_values['notify']; $notify = $form_values['notify'];
$from = variable_get('site_mail', ini_get('sendmail_from')); $from = variable_get('site_mail', ini_get('sendmail_from'));
if (isset($form_values['roles'])) {
$roles = array_filter($form_values['roles']); // Remove unset roles
}
if (!$admin && array_intersect(array_keys($form_values), array('uid', 'roles', 'init', 'session', 'status'))) { if (!$admin && array_intersect(array_keys($form_values), array('uid', 'roles', 'init', 'session', 'status'))) {
watchdog('security', t('Detected malicious attempt to alter protected user fields.'), WATCHDOG_WARNING); watchdog('security', t('Detected malicious attempt to alter protected user fields.'), WATCHDOG_WARNING);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment