fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-05-08 19:42:15 +09:00
Code Issues Projects Releases Packages Wiki Activity

Fix unmodifiable fields being exposed in member info modification form

Browse source
This commit is contained in:
Kijin Sung 2023-06-27 22:23:47 +09:00
parent 62dfb38308
commit 089f375743
2 changed files with 6 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

4
modules/member/member.admin.view.php
View file

@ -497,13 +497,15 @@ class MemberAdminView extends Member
{ {
$member_config = $this->memberConfig = $oMemberModel->getMemberConfig(); $member_config = $this->memberConfig = $oMemberModel->getMemberConfig();
} }
$identifiers = $member_config->identifiers ?? [$member_config->identifier];
$identifiers = array_intersect($identifiers, ['user_id', 'email_address']);
global $lang; global $lang;
$formTags = array(); $formTags = array();
foreach($member_config->signupForm as $no=>$formInfo) foreach($member_config->signupForm as $no=>$formInfo)
{ {
if(!$formInfo->isUse || $formInfo->name == $member_config->identifier || $formInfo->name == 'password') if(!$formInfo->isUse || in_array($formInfo->name, $identifiers) || $formInfo->name == 'password')
{ {
continue; continue;
} }

6
modules/member/member.controller.php
View file

@ -2993,7 +2993,8 @@ class MemberController extends Member
} }
// Check if email address or user ID is duplicate // Check if email address or user ID is duplicate
if($config->identifier == 'email_address') $identifiers = $config->identifiers ?? [$config->identifier];
if(in_array('email_address', $identifiers))
{ {
$member_srl = MemberModel::getMemberSrlByEmailAddress($args->email_address); $member_srl = MemberModel::getMemberSrlByEmailAddress($args->email_address);
if($member_srl && $args->member_srl != $member_srl) if($member_srl && $args->member_srl != $member_srl)
@ -3002,14 +3003,13 @@ class MemberController extends Member
} }
$args->email_address = $orgMemberInfo->email_address; $args->email_address = $orgMemberInfo->email_address;
} }
else if(in_array('user_id', $identifiers))
{ {
$member_srl = MemberModel::getMemberSrlByUserID($args->user_id); $member_srl = MemberModel::getMemberSrlByUserID($args->user_id);
if($member_srl && $args->member_srl != $member_srl) if($member_srl && $args->member_srl != $member_srl)
{ {
return new BaseObject(-1, 'msg_exists_user_id'); return new BaseObject(-1, 'msg_exists_user_id');
} }
$args->user_id = $orgMemberInfo->user_id; $args->user_id = $orgMemberInfo->user_id;
} }