mirror of https://github.com/MISP/MISP
fix: [API] /users/edit modifications
- remove sanitised password when directly posting back a user object
- more graceful error handling if something goes critically wrong
nibbler
parent
d656490461
commit
ca484ae1dc
|
@ -179,7 +179,11 @@ class UsersController extends AppController
|
|||
// Save the data
|
||||
if ($this->_isRest()) {
|
||||
if (!empty($this->request->data['User']['password'])) {
|
||||
$currentUser['User']['confirm_password'] = $this->request->data['User']['password'];
|
||||
if ($this->request->data['User']['password'] === '****') {
|
||||
unset($this->request->data['User']['password']);
|
||||
} else {
|
||||
$currentUser['User']['confirm_password'] = $this->request->data['User']['password'];
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($this->User->save($currentUser, true, $fieldList)) {
|
||||
|
@ -201,6 +205,7 @@ class UsersController extends AppController
|
|||
}
|
||||
} else {
|
||||
$message = __('The profile could not be updated. Please, try again.');
|
||||
$abortPost = true;
|
||||
}
|
||||
}
|
||||
if ($abortPost) {
|
||||
|
|
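Review bot: The `unset()` in the `'****'` branch of the first hunk clears only `$this->request->data['User']['password']`, while the `save()` call just below writes `$currentUser` restricted by `$fieldList`, and both are built above the hunk in the part of the action that is not shown. If the request fields were already copied into `$currentUser` by that point, the sanitised placeholder would still be handed to `save()` as a new password, now without a matching `confirm_password`, so the outcome depends entirely on model validation rejecting it. Consider clearing it on the array that is actually saved as well, `unset($currentUser['User']['password']);`, and dropping `'password'` from `$fieldList` in that branch. A short comment such as `// '****' is the sanitised value returned by the API; treat it as "password unchanged"` would also document why this literal is special-cased.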