diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2012-10-10 20:05:34 +0400 |
|---|---|---|
| committer | Lukas Reschke <lukas@statuscode.ch> | 2012-10-10 20:05:34 +0400 |
| commit | 2f4b1b0e4c52b1685642513482a697f9ab1e5fc1 (patch) | |
| tree | f46cb7f13ecdffcf526d3fd5f63f9fd66f2eda06 /settings | |
| parent | 41640b4b91c7f8d407fb17e085f83d95ca900311 (diff) | |
Disallow users to delete their own accounts
Diffstat (limited to 'settings')
| -rw-r--r-- | settings/ajax/removeuser.php | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/settings/ajax/removeuser.php b/settings/ajax/removeuser.php index 6b11fa5c4fb..1e3cd2993b0 100644 --- a/settings/ajax/removeuser.php +++ b/settings/ajax/removeuser.php @@ -8,6 +8,11 @@ OCP\JSON::callCheck(); $username = $_POST["username"]; +// A user shouldn't be able to delete his own account +if(OC_User::getUser() === $username) { + exit; +} + if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) { $l = OC_L10N::get('core'); OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') ))); @@ -20,4 +25,4 @@ if( OC_User::deleteUser( $username )) { } else{ OC_JSON::error(array("data" => array( "message" => $l->t("Unable to delete user") ))); -} +}
\ No newline at end of file |