fix: [internal] Really disable password change

pull/7065/head
Jakub Onderka 2021-02-22 20:30:36 +01:00
parent 1830d5dc7b
commit 0ba05044bf
1 changed files with 13 additions and 14 deletions

View File

@ -922,23 +922,13 @@ class UsersController extends AppController
continue;
}
if ($field != 'password') {
array_push($fields, $field);
}
}
$fieldsOldValues = array();
foreach ($fields as $field) {
if ($field == 'enable_password') {
continue;
}
if ($field != 'confirm_password') {
$fieldsOldValues[$field] = $this->User->field($field);
} else {
$fieldsOldValues[$field] = $this->User->field('password');
$fields[] = $field;
}
}
if (
(!empty($this->request->data['User']['enable_password']) || $this->_isRest()) &&
!empty($this->request->data['User']['password'])
!empty($this->request->data['User']['password']) &&
$this->__canChangePassword()
) {
$fields[] = 'password';
if ($this->_isRest() && !isset($this->request->data['User']['confirm_password'])) {
@ -958,6 +948,12 @@ class UsersController extends AppController
}
}
$fields[] = 'date_modified'; // time will be inserted in `beforeSave` action
$fieldsOldValues = $this->User->find('first', [
'recursive' => -1,
'conditions' => ['id' => $id],
])['User'];
if ($this->User->save($this->request->data, true, $fields)) {
// newValues to array
$fieldsNewValues = array();
@ -967,7 +963,7 @@ class UsersController extends AppController
}
if ($field !== 'confirm_password') {
$newValue = $this->data['User'][$field];
if (gettype($newValue) == 'array') {
if (is_array($newValue)) {
$newValueStr = '';
$cP = 0;
foreach ($newValue as $newValuePart) {
@ -989,6 +985,9 @@ class UsersController extends AppController
// compare
$fieldsResult = array();
foreach ($fields as $field) {
if ($field === 'date_modified') {
continue;
}
if (isset($fieldsOldValues[$field]) && $fieldsOldValues[$field] != $fieldsNewValues[$field]) {
if ($field != 'confirm_password' && $field != 'enable_password') {
$fieldsResult[$field] = array($fieldsOldValues[$field], $fieldsNewValues[$field]);