From 2f4b1b0e4c52b1685642513482a697f9ab1e5fc1 Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Wed, 10 Oct 2012 18:05:34 +0200
Subject: [PATCH] Disallow users to delete their own accounts

---
 settings/ajax/removeuser.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/settings/ajax/removeuser.php b/settings/ajax/removeuser.php
index 6b11fa5c4fb..1e3cd2993b0 100644
--- a/settings/ajax/removeuser.php
+++ b/settings/ajax/removeuser.php
@@ -8,6 +8,11 @@ OCP\JSON::callCheck();
 
 $username = $_POST["username"];
 
+// A user shouldn't be able to delete his own account
+if(OC_User::getUser() === $username) {
+	exit;
+}
+
 if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) {
 	$l = OC_L10N::get('core');
 	OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
@@ -20,4 +25,4 @@ if( OC_User::deleteUser( $username )) {
 }
 else{
 	OC_JSON::error(array("data" => array( "message" => $l->t("Unable to delete user") )));
-}
+}
\ No newline at end of file
-- 
2.39.5