aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFriendika <info@friendika.com>2011-01-04 22:17:58 -0800
committerFriendika <info@friendika.com>2011-01-04 22:17:58 -0800
commitbb0c24bd4fd159cc005f60a0808a4b37b91060b0 (patch)
tree01741f63f64cdd7f430fd70deba74cc510a20846
parent45c1559b38a54a8280b3339c0b1b30be1d7c473d (diff)
downloadvolse-hubzilla-bb0c24bd4fd159cc005f60a0808a4b37b91060b0.tar.gz
volse-hubzilla-bb0c24bd4fd159cc005f60a0808a4b37b91060b0.tar.bz2
volse-hubzilla-bb0c24bd4fd159cc005f60a0808a4b37b91060b0.zip
prevent admin hijacks
-rw-r--r--mod/notifications.php2
-rw-r--r--mod/regmod.php5
-rw-r--r--mod/settings.php4
3 files changed, 10 insertions, 1 deletions
diff --git a/mod/notifications.php b/mod/notifications.php
index f11676ebf..c425d092e 100644
--- a/mod/notifications.php
+++ b/mod/notifications.php
@@ -127,7 +127,7 @@ function notifications_content(&$a) {
notice( t('No notifications.') . EOL);
if ($a->config['register_policy'] = REGISTER_APPROVE &&
- $a->config['admin_email'] = $a->user['email']){
+ $a->config['admin_email'] === $a->user['email']){
$o .= load_view_file('view/registrations-top.tpl');
$r = q("SELECT `register`.*, `contact`.`name`, `user`.`email`
diff --git a/mod/regmod.php b/mod/regmod.php
index 772351ac5..eabbec090 100644
--- a/mod/regmod.php
+++ b/mod/regmod.php
@@ -12,6 +12,11 @@ function regmod_content(&$a) {
return $o;
}
+ if((! (x($a->config,'admin_email'))) || ($a->config['admin_email'] !== $a->user['email'])) {
+ notice( t('Permission denied.') . EOL);
+ return '';
+ }
+
if($a->argc != 3)
killme();
diff --git a/mod/settings.php b/mod/settings.php
index a40883f35..9a9fde5c6 100644
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -95,6 +95,10 @@ function settings_post(&$a) {
$email_changed = true;
if(! valid_email($email))
$err .= t(' Not valid email.');
+ if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0)) {
+ $err .= t(' Cannot change to that email.');
+ $email = $a->user['email'];
+ }
}
if(strlen($err)) {