From d12f793578755f3d5c9f7200a37ffd0645a0ce4e Mon Sep 17 00:00:00 2001
From: Martin Konecny <martin.konecny@gmail.com>
Date: Fri, 22 Mar 2013 18:05:34 -0400
Subject: [PATCH] remove potential password change exploit in airtime-demo

---
 airtime_mvc/application/controllers/UserController.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/airtime_mvc/application/controllers/UserController.php b/airtime_mvc/application/controllers/UserController.php
index 319c57767..a67249c06 100644
--- a/airtime_mvc/application/controllers/UserController.php
+++ b/airtime_mvc/application/controllers/UserController.php
@@ -49,8 +49,7 @@ class UserController extends Zend_Controller_Action
             if ($form->isValid($formData)) {
 
                 if (isset($CC_CONFIG['demo']) && $CC_CONFIG['demo'] == 1
-                        && $formData['login'] == 'admin'
-                        && $formData['user_id'] != 0) {
+                        && $formData['login'] == 'admin') {
                     $this->view->form = $form;
                     $this->view->successMessage = "<div class='errors'>"._("Specific action is not allowed in demo version!")."</div>";
                     $this->_helper->json->sendJson(array("valid"=>"false", "html"=>$this->view->render('user/add-user.phtml')));