diff options
Diffstat (limited to 'app/Controllers/userController.php')
| -rw-r--r-- | app/Controllers/userController.php | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php index 2f066e25f..95859c92c 100644 --- a/app/Controllers/userController.php +++ b/app/Controllers/userController.php @@ -91,6 +91,10 @@ class FreshRSS_user_Controller extends Minz_ActionController { } public function updateAction() { + if (!FreshRSS_Auth::hasAccess('admin')) { + Minz_Error::error(403); + } + if (Minz_Request::isPost()) { $passwordPlain = Minz_Request::param('newPasswordPlain', '', true); Minz_Request::_param('newPasswordPlain'); //Discard plain-text password ASAP @@ -104,8 +108,12 @@ class FreshRSS_user_Controller extends Minz_ActionController { )); if ($ok) { - Minz_Request::good(_t('feedback.user.updated', $username), - array('c' => 'user', 'a' => 'manage')); + $isSelfUpdate = Minz_Session::param('currentUser', '_') === $username; + if ($passwordPlain == '' || !$isSelfUpdate) { + Minz_Request::good(_t('feedback.user.updated', $username), array('c' => 'user', 'a' => 'manage')); + } else { + Minz_Request::good(_t('feedback.profile.updated'), array('c' => 'index', 'a' => 'index')); + } } else { Minz_Request::bad(_t('feedback.user.updated.error', $username), array('c' => 'user', 'a' => 'manage')); @@ -138,8 +146,11 @@ class FreshRSS_user_Controller extends Minz_ActionController { Minz_Session::_param('passwordHash', FreshRSS_Context::$user_conf->passwordHash); if ($ok) { - Minz_Request::good(_t('feedback.profile.updated'), - array('c' => 'user', 'a' => 'profile')); + if ($passwordPlain == '') { + Minz_Request::good(_t('feedback.profile.updated'), array('c' => 'user', 'a' => 'profile')); + } else { + Minz_Request::good(_t('feedback.profile.updated'), array('c' => 'index', 'a' => 'index')); + } } else { Minz_Request::bad(_t('feedback.profile.error'), array('c' => 'user', 'a' => 'profile')); |