authorGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2018-10-28 09:49:10 +0100
committerGravatar GitHub <noreply@github.com> 2018-10-28 09:49:10 +0100
commite04804d0f67dd43fd3f072b9a127768ee7b7b56c (patch)
treea49023ed25aab7fb1c1aafe749f7d462de0027b2 /app/Controllers/userController.php
parent44bd07e506ade204151c276fdc05994d51efdd7a (diff)
parent4234dfe0d72b61fe931d2c76a1d8a335ce65a209 (diff)
Merge pull request #2049 from FreshRSS/dev1.12.0
FreshRSS 1.12.0
Diffstat (limited to 'app/Controllers/userController.php')
-rw-r--r--app/Controllers/userController.php23
1 files changed, 17 insertions, 6 deletions
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 75a4303d6..2338c8b2a 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -38,7 +38,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
* The username is also used as folder name, file name, and part of SQL table name.
* '_' is a reserved internal username.
*/
- const USERNAME_PATTERN = '[0-9a-zA-Z_]{2,38}|[0-9a-zA-Z]';
+ const USERNAME_PATTERN = '[0-9a-zA-Z_][0-9a-zA-Z_.]{1,38}|[0-9a-zA-Z]';
public static function checkUsername($username) {
return preg_match('/^' . self::USERNAME_PATTERN . '$/', $username) === 1;
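Review bot: The docblock above the constant (it begins outside the hunk) still says the username doubles as folder name, file name and part of an SQL table name, but does not say what the newly permitted `.` means for those uses. The new pattern keeps `.` out of the first position, so `.` and `..` cannot be formed, but names such as `a.` or `a..` are accepted, and an unquoted `.` inside an identifier is a schema separator in most SQL dialects. I would extend the comment with `* '.' is allowed, but not as the first character; code that builds a table name or path from the username must quote/escape it.` and confirm the table-name builder actually quotes, which cannot be checked from this hunk.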
@@ -91,6 +91,10 @@ class FreshRSS_user_Controller extends Minz_ActionController {
}
public function updateAction() {
+ if (!FreshRSS_Auth::hasAccess('admin')) {
+ Minz_Error::error(403);
+ }
+
if (Minz_Request::isPost()) {
$passwordPlain = Minz_Request::param('newPasswordPlain', '', true);
Minz_Request::_param('newPasswordPlain'); //Discard plain-text password ASAP
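Review bot: The new admin guard at the top of updateAction() depends on `Minz_Error::error(403)` never returning; if that helper renders the error page and returns to the caller, a non-admin POST still reaches the password-update code below. Either follow it with `return;` or document the contract on the guard, e.g. `Minz_Error::error(403); // exits the request`, once confirmed against Minz_Error. The body of updateAction() continues past the end of the hunk.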
@@ -104,8 +108,12 @@ class FreshRSS_user_Controller extends Minz_ActionController {
));
if ($ok) {
- Minz_Request::good(_t('feedback.user.updated', $username),
- array('c' => 'user', 'a' => 'manage'));
+ $isSelfUpdate = Minz_Session::param('currentUser', '_') === $username;
+ if ($passwordPlain == '' || !$isSelfUpdate) {
+ Minz_Request::good(_t('feedback.user.updated', $username), array('c' => 'user', 'a' => 'manage'));
+ } else {
+ Minz_Request::good(_t('feedback.profile.updated'), array('c' => 'index', 'a' => 'index'));
+ }
} else {
Minz_Request::bad(_t('feedback.user.updated.error', $username),
array('c' => 'user', 'a' => 'manage'));
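Review bot: The new branch tests `$passwordPlain == ''` with loose comparison; `$passwordPlain` is a string from `Minz_Request::param('newPasswordPlain', '', true)` (see the earlier hunk), so `$passwordPlain === ''` expresses the intent without relying on PHP type juggling, and the same loose form appears on the added `if ($passwordPlain == '')` line of the next hunk in the profile action. The `$isSelfUpdate` comparison already uses `===`, so the two lines would read consistently after the change. The enclosing if/else and the function continue outside the hunk.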
@@ -138,8 +146,11 @@ class FreshRSS_user_Controller extends Minz_ActionController {
Minz_Session::_param('passwordHash', FreshRSS_Context::$user_conf->passwordHash);
if ($ok) {
- Minz_Request::good(_t('feedback.profile.updated'),
- array('c' => 'user', 'a' => 'profile'));
+ if ($passwordPlain == '') {
+ Minz_Request::good(_t('feedback.profile.updated'), array('c' => 'user', 'a' => 'profile'));
+ } else {
+ Minz_Request::good(_t('feedback.profile.updated'), array('c' => 'index', 'a' => 'index'));
+ }
} else {
Minz_Request::bad(_t('feedback.profile.error'),
array('c' => 'user', 'a' => 'profile'));
@@ -166,7 +177,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
$entryDAO = FreshRSS_Factory::createEntryDao($this->view->current_user);
$this->view->nb_articles = $entryDAO->count();
- $databaseDAO = FreshRSS_Factory::createDatabaseDAO();
+ $databaseDAO = FreshRSS_Factory::createDatabaseDAO($this->view->current_user);
$this->view->size_user = $databaseDAO->size();
}
}