remove potential password change exploit in airtime-demo

2013-03-22 18:05:34 -04:00 · 2013-03-22 18:05:34 -04:00 · d12f793578
parent a5c8b7624e
commit d12f793578
1 changed files with 1 additions and 2 deletions
--- a/airtime_mvc/application/controllers/UserController.php
+++ b/airtime_mvc/application/controllers/UserController.php
@ -49,8 +49,7 @@ class UserController extends Zend_Controller_Action
            if ($form->isValid($formData)) {

                if (isset($CC_CONFIG['demo']) && $CC_CONFIG['demo'] == 1
-                        && $formData['login'] == 'admin'
-                        && $formData['user_id'] != 0) {
+                        && $formData['login'] == 'admin') {
                    $this->view->form = $form;
                    $this->view->successMessage = "<div class='errors'>"._("Specific action is not allowed in demo version!")."</div>";
                    $this->_helper->json->sendJson(array("valid"=>"false", "html"=>$this->view->render('user/add-user.phtml')));