Nemcio/Grav-Admin-Plugin
1
0
Fork 0
mirror of https://github.com/getgrav/grav-plugin-admin.git synced 2026-01-05 07:10:40 +01:00
Code Issues Packages Projects Releases Activity

Merge branch 'develop' into 1.9

Browse Source 
# Conflicts:
#	CHANGELOG.md
#	themes/grav/app/updates/index.js
#	themes/grav/js/admin.min.js
This commit is contained in:
Andy Miller
2018-12-13 15:47:25 -07:00
parent 54728c035a f0c0af4e8a
commit cf00aac59c
1 changed files with 21 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
classes/admin.php
View File

@@ -649,12 +649,12 @@ class Admin
$data[$type] = $obj;
} elseif (preg_match('|users/|', $type)) {
$obj = User::load(preg_replace('|users/|', '', $type));
$obj->merge($post);
$obj->merge($this->cleanUserPost($post));
$data[$type] = $obj;
} elseif (preg_match('|user/|', $type)) {
$obj = User::load(preg_replace('|user/|', '', $type));
$obj->merge($post);
$obj->merge($this->cleanUserPost($post));
$data[$type] = $obj;
} elseif (preg_match('|config/|', $type)) {
@@ -699,6 +699,25 @@ class Admin
return $data[$type];
}
/**
* Clean user form post and remove extra stuff that may be passed along
*
* @param $post
* @return array
*/
protected function cleanUserPost($post)
{
// Clean fields for all users
unset($post['hashed_password']);
// Clean field for users who shouldn't be able to modify these fields
if (!$this->authorize(['admin.user', 'admin.super'])) {
unset($post['access']);
}
return $post;
}
protected function hasErrorMessage()
{
$msgs = $this->grav['messages']->all();