author | Phil Davis <phil.davis@inf.org> | 2015-10-11 14:02:18 +0545 |
---|---|---|
committer | Phil Davis <phil.davis@inf.org> | 2015-10-11 14:02:18 +0545 |
commit | eef67fd5efce89feba6f903564b760db43b60ffb (patch) | |
tree | 1d17e4b845b8246aa59e23325983f8c2b074a61e /usr/local | |
parent | 53a215651906113a3d3ae011aba3de1f8e8cc3ff (diff) | |
download | pfsense-eef67fd5efce89feba6f903564b760db43b60ffb.zip pfsense-eef67fd5efce89feba6f903564b760db43b60ffb.tar.gz |
Redmine #5294 Do not delete a system user
This code checks if the user has somehow posted a user deletion for a user that has "system" scope. If so, then the delete is not done and an input error is displayed.
Note that in normal use the user manager page does not display a delete button for "system" users, so normally this does not happen - only if the user manually messes with the $_POST variables.
Diffstat (limited to 'usr/local')
-rw-r--r-- | usr/local/www/system_usermanager.php | 26 |
1 files changed, 18 insertions, 8 deletions
diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php
index 13e19c5..ce3c16e 100644
--- a/usr/local/www/system_usermanager.php
+++ b/usr/local/www/system_usermanager.php
@@ -90,14 +90,22 @@ if ($_POST['act'] == "deluser") {
 exit;
 }

- conf_mount_rw();
- local_user_del($a_user[$id]);
- conf_mount_ro();
- $userdeleted = $a_user[$id]['name'];
- unset($a_user[$id]);
- write_config();
- $savemsg = gettext("User")." {$userdeleted} ".
- gettext("successfully deleted")."<br />";
+ $saved_username = $a_user[$id]['name'];
+
+ if ($a_user[$id]['scope'] != "system") {
+ conf_mount_rw();
+ local_user_del($a_user[$id]);
+ conf_mount_ro();
+ unset($a_user[$id]);
+ write_config();
+ $savemsg = gettext("User") . " {$saved_username} " .
+ gettext("successfully deleted") . "<br />";
+ } else {
+ unset($id);
+ unset($deletion_errors);
+ $deletion_errors[] = gettext("User") . " {$saved_username} " .
+ gettext("is a system user. Deletion is not allowed.");
+ }
 }
 else if ($_POST['act'] == "delpriv") {

@@ -486,6 +494,8 @@ function sshkeyClicked(obj) {
 <?php
 if ($input_errors)
 print_input_errors($input_errors);
+ if ($deletion_errors)
+ print_input_errors($deletion_errors);
 if ($savemsg)
 print_info_box($savemsg);
 ?> |
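Review bot: The refusal branch in the `deluser` handler leaves no audit trail, although the commit message itself says this path is only reachable through a hand-modified POST. A forged request to delete a system account is worth recording for whoever reviews the firewall logs, for example `log_error("Refused deletion of system user {$saved_username}");` placed before the `$deletion_errors[]` assignment. The guard also lives only in this page handler, so any other caller of `local_user_del()` (none is visible in this hunk) would still delete a system entry; moving the scope check into that function, or repeating it there, would cover every path. The comparison could be strict, `if ($a_user[$id]['scope'] !== "system") {`. The enclosing `if ($_POST['act'] == "deluser")` block starts outside the hunk.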
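Review bot: `$deletion_errors` is assigned only in the refusal branch of the `deluser` handler, so on every other request the new `if ($deletion_errors)` test reads a variable that was never defined, unless it is initialised somewhere outside the visible hunks. Testing with `if (!empty($deletion_errors))` avoids the undefined-variable notice and makes the intent explicit. Alternatively, initialise `$deletion_errors = array();` near the top of the page, which would also make the `unset($deletion_errors);` in the first hunk unnecessary.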