Merge pull request #603 from owncloud/store_plain_groupname
authorBart Visscher <bartv@thisnet.nl>
Fri, 30 Nov 2012 12:13:36 +0000 (04:13 -0800)
committerBart Visscher <bartv@thisnet.nl>
Fri, 30 Nov 2012 12:13:36 +0000 (04:13 -0800)
Group name doesn't need to be sanitized before storing it in the database

settings/ajax/togglegroups.php

index 931ab2689e25aae8aebceab243845b90775b1c89,b7746fed8f19200b02bf82505612229e6740b5ad..f82ece4aee1464b47ba3c253fab507fef2daa9de
@@@ -5,14 -5,8 +5,14 @@@ OCP\JSON::callCheck()
  
  $success = true;
  $username = $_POST["username"];
- $group = OC_Util::sanitizeHTML($_POST["group"]);
+ $group = $_POST["group"];
  
 +if($username == OC_User::getUser() && $group == "admin" &&  OC_Group::inGroup($username, 'admin')){
 +      $l = OC_L10N::get('core');
 +      OC_JSON::error(array( 'data' => array( 'message' => $l->t('Admins can\'t remove themself from the admin group'))));
 +      exit();
 +}
 +
  if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && (!OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username) || !OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group))) {
        $l = OC_L10N::get('core');
        OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
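Review bot: The new line `$group = $_POST["group"];` (like `$username` above it) takes the request value with no presence or type check, so a missing or array-valued parameter reaches the loose `==` comparisons in the self-removal guard and the `OC_Group` / `OC_SubAdmin` calls. A check before first use, with the condition `!isset($_POST["username"], $_POST["group"]) || !is_string($_POST["username"]) || !is_string($_POST["group"])` returning `OC_JSON::error(...)` and `exit()`, would pin both to strings, and the guard could then compare with `===`. Because the name is now stored raw, escaping becomes the job of every place that renders a group name; whether this endpoint's response and the settings templates do so cannot be seen from this hunk and is worth confirming in the same change. The last `if` block continues past the end of the hunk.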