author | Renato Botelho <garga@FreeBSD.org> | 2014-09-25 09:29:57 -0300 |
---|---|---|
committer | Renato Botelho <garga@FreeBSD.org> | 2014-09-25 09:29:57 -0300 |
commit | fbe0d6986aef1ce933f91ad34ba9393344693180 (patch) | |
tree | 180c173b73781cfb5f90728bf519959f32243570 /usr/local | |
parent | e45e3bf48c1e7d5bdf720c598ef0447028320937 (diff) | |
Be stricter on user removal by checking both the array id and the username, to avoid removing the wrong user when the browser back button is used. It should fix #3856
Diffstat (limited to 'usr/local')
-rw-r--r-- | usr/local/www/system_usermanager.php | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/usr/local/www/system_usermanager.php b/usr/local/www/system_usermanager.php
index 6f5ea6f..9dfd814 100644
--- a/usr/local/www/system_usermanager.php
+++ b/usr/local/www/system_usermanager.php
@@ -81,7 +81,7 @@ if (isset($id) && $a_user[$id]) {
 if ($_POST['act'] == "deluser") {
- if (!$a_user[$id]) {
+ if (!isset($_POST['username']) || !isset($a_user[$id]) || ($_POST['username'] != $a_user[$id]['name'])) {
 pfSenseHeader("system_usermanager.php");
 exit;
 }
@@ -858,6 +858,7 @@ function sshkeyClicked(obj) {
 <form action="system_usermanager.php" method="post" name="iform2" id="iform2">
 <input type="hidden" id="act" name="act" value="" />
 <input type="hidden" id="userid" name="userid" value="<?=(isset($id) ? $id : '');?>" />
+ <input type="hidden" id="username" name="username" value="" />
 <input type="hidden" id="privid" name="privid" value="" />
 <input type="hidden" id="certid" name="certid" value="" />
 <table class="sortable" width="100%" border="0" cellpadding="0" cellspacing="0" summary="">
@@ -939,6 +940,7 @@ function sshkeyClicked(obj) {
 <input type="image" name="deluser[]" width="17" height="17" border="0" src="/themes/<?=$g['theme'];?>/images/icons/icon_x.gif" onclick="document.getElementById('userid').value='<?=$i;?>';
+ document.getElementById('username').value='<?=$userent['name'];?>';
 document.getElementById('act').value='<?php echo "deluser";?>';
 return confirm('<?=gettext("Do you really want to delete this user?");?>');"
 title="<?=gettext("delete user");?>" /> |
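Review bot: The username match added to the `deluser` guard in the first hunk uses loose `!=`, and PHP compares two numeric-looking strings as numbers, so two different account names (constructed example: `100` and `1e2`) would be treated as the same user and the stale-index deletion this commit is meant to stop could still go through. Use a strict comparison, `($_POST['username'] !== $a_user[$id]['name'])`, which also rejects a non-string `username` parameter. The posted name is a client-supplied consistency check, not an authorization control; whether `$id` is validated as an integer and whether the form carries CSRF protection is not visible in this hunk and should be confirmed. The `deluser` branch continues outside the hunk.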
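Review bot: The `onclick` line added in the third hunk prints `$userent['name']` unencoded into a single-quoted JavaScript string inside an HTML attribute, so a name containing a quote or markup character breaks the handler and could let script run in the administrator's session. Encode for both contexts at output, for example `document.getElementById('username').value=<?=htmlspecialchars(json_encode($userent['name']), ENT_QUOTES);?>;`. Whether names are restricted when an account is created is not visible here, and entries that reach the configuration by another path (such as a restored backup) may not have passed that validation, so the output encoding should not depend on it. The surrounding row loop starts outside the hunk.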