authorJean-Philippe Lang <jp_lang@yahoo.fr>2015-12-06 20:46:26 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2015-12-06 20:46:26 +0000
commit389527296e02ab5ae205e22a9544589f6121b64d (patch)
tree23b7031903bc5c070d8ee9476c53efa7f4e500ec
parente6b7c7316977596fa4970d85c580b23263bdbec8 (diff)
Prevent admins from sending themselves their own password (#21436).
Patch by Jan Schulz-Hofen. git-svn-id: http://svn.redmine.org/redmine/trunk@14966 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r--app/controllers/users_controller.rb2
-rw-r--r--app/views/users/_general.html.erb2
2 files changed, 2 insertions, 2 deletions
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 9ce80111a..33699325b 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -143,7 +143,7 @@ class UsersController < ApplicationController
if was_activated
Mailer.account_activated(@user).deliver
- elsif @user.active? && params[:send_information] && @user.password.present? && @user.auth_source_id.nil?
+ elsif @user.active? && params[:send_information] && @user.password.present? && @user.auth_source_id.nil? && @user != User.current
Mailer.account_information(@user, @user.password).deliver
end
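Review bot: No test in this commit pins the new `@user != User.current` clause on the `elsif` (the diffstat lists only the controller and the partial), yet that clause is the only real enforcement of the rule. The `_general.html.erb` hunk merely hides the checkbox, so a hand-built request can still submit `send_information`. A functional test that has an admin update their own password with `send_information=1` and asserts that no mail is delivered would guard against a regression. The same predicate is now spelled out in both the controller and the view; a shared helper would stop the two from drifting apart, and a short comment here such as `# never mail a cleartext password back to the admin who just set it` would explain why the clause exists. The enclosing action begins and ends outside the hunk, so other mail paths in it could not be checked.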
diff --git a/app/views/users/_general.html.erb b/app/views/users/_general.html.erb
index 0daa421c7..7d84c0ced 100644
--- a/app/views/users/_general.html.erb
+++ b/app/views/users/_general.html.erb
@@ -1,6 +1,6 @@
<%= labelled_form_for @user do |f| %>
<%= render :partial => 'form', :locals => { :f => f } %>
- <% if @user.active? && email_delivery_enabled? -%>
+ <% if @user.active? && email_delivery_enabled? && @user != User.current -%>
<p><label><%= check_box_tag 'send_information', 1, true %> <%= l(:label_send_information) %></label></p>
<% end -%>
<p><%= submit_tag l(:button_save) %></p>