mirror of https://github.com/MISP/MISP
fix: [internal] Really disable password change
parent
1830d5dc7b
commit
0ba05044bf
|
@ -922,23 +922,13 @@ class UsersController extends AppController
|
|||
continue;
|
||||
}
|
||||
if ($field != 'password') {
|
||||
array_push($fields, $field);
|
||||
}
|
||||
}
|
||||
$fieldsOldValues = array();
|
||||
foreach ($fields as $field) {
|
||||
if ($field == 'enable_password') {
|
||||
continue;
|
||||
}
|
||||
if ($field != 'confirm_password') {
|
||||
$fieldsOldValues[$field] = $this->User->field($field);
|
||||
} else {
|
||||
$fieldsOldValues[$field] = $this->User->field('password');
|
||||
$fields[] = $field;
|
||||
}
|
||||
}
|
||||
if (
|
||||
(!empty($this->request->data['User']['enable_password']) || $this->_isRest()) &&
|
||||
!empty($this->request->data['User']['password'])
|
||||
!empty($this->request->data['User']['password']) &&
|
||||
$this->__canChangePassword()
|
||||
) {
|
||||
$fields[] = 'password';
|
||||
if ($this->_isRest() && !isset($this->request->data['User']['confirm_password'])) {
|
||||
|
@ -958,6 +948,12 @@ class UsersController extends AppController
|
|||
}
|
||||
}
|
||||
$fields[] = 'date_modified'; // time will be inserted in `beforeSave` action
|
||||
|
||||
$fieldsOldValues = $this->User->find('first', [
|
||||
'recursive' => -1,
|
||||
'conditions' => ['id' => $id],
|
||||
])['User'];
|
||||
|
||||
if ($this->User->save($this->request->data, true, $fields)) {
|
||||
// newValues to array
|
||||
$fieldsNewValues = array();
|
||||
|
@ -967,7 +963,7 @@ class UsersController extends AppController
|
|||
}
|
||||
if ($field !== 'confirm_password') {
|
||||
$newValue = $this->data['User'][$field];
|
||||
if (gettype($newValue) == 'array') {
|
||||
if (is_array($newValue)) {
|
||||
$newValueStr = '';
|
||||
$cP = 0;
|
||||
foreach ($newValue as $newValuePart) {
|
||||
|
@ -989,6 +985,9 @@ class UsersController extends AppController
|
|||
// compare
|
||||
$fieldsResult = array();
|
||||
foreach ($fields as $field) {
|
||||
if ($field === 'date_modified') {
|
||||
continue;
|
||||
}
|
||||
if (isset($fieldsOldValues[$field]) && $fieldsOldValues[$field] != $fieldsNewValues[$field]) {
|
||||
if ($field != 'confirm_password' && $field != 'enable_password') {
|
||||
$fieldsResult[$field] = array($fieldsOldValues[$field], $fieldsNewValues[$field]);
|
||||
|
|
Loading…
Reference in New Issue