Congegni
/
sintonia
7
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

remove potential password change exploit in airtime-demo

This commit is contained in:
Martin Konecny 2013-03-22 18:05:34 -04:00
parent a5c8b7624e
commit d12f793578
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
airtime_mvc/application/controllers/UserController.php
View File

@ -49,8 +49,7 @@ class UserController extends Zend_Controller_Action
if ($form->isValid($formData)) { if ($form->isValid($formData)) {
if (isset($CC_CONFIG['demo']) && $CC_CONFIG['demo'] == 1 if (isset($CC_CONFIG['demo']) && $CC_CONFIG['demo'] == 1
&& $formData['login'] == 'admin' && $formData['login'] == 'admin') {
&& $formData['user_id'] != 0) {
$this->view->form = $form; $this->view->form = $form;
$this->view->successMessage = "<div class='errors'>"._("Specific action is not allowed in demo version!")."</div>"; $this->view->successMessage = "<div class='errors'>"._("Specific action is not allowed in demo version!")."</div>";
$this->_helper->json->sendJson(array("valid"=>"false", "html"=>$this->view->render('user/add-user.phtml'))); $this->_helper->json->sendJson(array("valid"=>"false", "html"=>$this->view->render('user/add-user.phtml')));