From 648caef27a5a395f007355e2960d227063b9ef99 Mon Sep 17 00:00:00 2001 From: FusionPBX Date: Sun, 10 Feb 2019 10:16:56 -0700 Subject: [PATCH] Update user_edit.php --- core/users/user_edit.php | 50 +++++++++++++++++++++------------------- 1 file changed, 26 insertions(+), 24 deletions(-) diff --git a/core/users/user_edit.php b/core/users/user_edit.php index eae32cb081..7d3fd35278 100644 --- a/core/users/user_edit.php +++ b/core/users/user_edit.php @@ -81,15 +81,19 @@ //delete the group from the user if ($_GET["a"] == "delete" && permission_exists("user_delete")) { //set the variables - $group_uuid = check_str($_GET["group_uuid"]); + $group_uuid = $_GET["group_uuid"]; //delete the group from the users - $sql = "delete from v_user_groups "; - $sql .= "where group_uuid = '".$group_uuid."' "; - $sql .= "and user_uuid = '".$user_uuid."' "; - $db->exec(check_sql($sql)); + if (is_uuid($group_uuid) && is_uuid($user_uuid)) { + $sql = "delete from v_user_groups "; + $sql .= "where group_uuid = '".$group_uuid."' "; + $sql .= "and user_uuid = '".$user_uuid."' "; + $db->exec(check_sql($sql)); + } //redirect the user message::add($text['message-update']); - header("Location: user_edit.php?id=".$user_uuid); + if (is_uuid($user_uuid)) { + header("Location: user_edit.php?id=".$user_uuid); + } return; } 
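Review bot: The delete still builds its SQL by concatenating `$group_uuid` and `$user_uuid` into the query string, and `check_str()` was dropped on the same line, so the new `is_uuid()` guard is now the only thing between `$_GET["group_uuid"]` and the statement. Since this file already uses `$prep_statement` (visible in the -819 hunk) and `$db->exec`, `$db` looks like PDO, and a prepared statement with bound parameters is the safer form; the rewrite is below. Separately, `message::add($text['message-update'])` runs whether or not the validation passed, so a rejected request is still reported as a successful update; moving that call inside the `is_uuid` branch keeps the message honest. The action is also driven purely by a GET parameter (`$_GET["a"] == "delete"`) with no request token checked anywhere in this hunk, so unless one is verified earlier in the file a state-changing delete is reachable by a plain link. The `if` block is fully contained in the hunk; the surrounding script continues outside it.
```php
if (is_uuid($group_uuid) && is_uuid($user_uuid)) {
    $sql = "delete from v_user_groups ";
    $sql .= "where group_uuid = :group_uuid ";
    $sql .= "and user_uuid = :user_uuid ";
    $prep_statement = $db->prepare($sql);
    $prep_statement->execute([':group_uuid' => $group_uuid, ':user_uuid' => $user_uuid]);
    message::add($text['message-update']);
}
// … unchanged: redirect and return …
```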
@@ -346,17 +350,17 @@ $group_uuid = $group_data[0]; $group_name = $group_data[1]; //only a superadmin can add other superadmins or admins, admins can only add other admins - switch ($group_name) { - case "superadmin": if (!if_group("superadmin")) { break; } - case "admin": if (!if_group("superadmin") && !if_group("admin")) { break; } - default: //add group user to array for insert - $array['user_groups'][$n]['user_group_uuid'] = uuid(); - $array['user_groups'][$n]['domain_uuid'] = $domain_uuid; - $array['user_groups'][$n]['group_name'] = $group_name; - $array['user_groups'][$n]['group_uuid'] = $group_uuid; - $array['user_groups'][$n]['user_uuid'] = $user_uuid; - $n++; - } + switch ($group_name) { + case "superadmin": if (!if_group("superadmin")) { break; } + case "admin": if (!if_group("superadmin") && !if_group("admin")) { break; } + default: //add group user to array for insert + $array['user_groups'][$n]['user_group_uuid'] = uuid(); + $array['user_groups'][$n]['domain_uuid'] = $domain_uuid; + $array['user_groups'][$n]['group_name'] = $group_name; + $array['user_groups'][$n]['group_uuid'] = $group_uuid; + $array['user_groups'][$n]['user_uuid'] = $user_uuid; + $n++; + } } //update domain, if changed @@ -806,12 +810,10 @@ echo " "; echo escape($field['group_name']).(($field['group_domain_uuid'] != '') ? "@".$_SESSION['domains'][$field['group_domain_uuid']]['domain_name'] : null); echo " \n"; - if ($result_count > 1) { - if (permission_exists('group_member_delete') || if_group("superadmin")) { - echo " \n"; - echo " ".$v_link_label_delete."\n"; - echo " \n"; - } + if (permission_exists('group_member_delete') || if_group("superadmin")) { + echo " \n"; + echo " ".$v_link_label_delete."\n"; + echo " \n"; } echo "\n"; $assigned_groups[] = $field['group_uuid']; 
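Review bot: The permission that decides whether the delete link is rendered (`permission_exists('group_member_delete') || if_group("superadmin")`) is not the permission the handler at the top of the file checks before performing the delete (`permission_exists("user_delete")` in the -81 hunk), so the two halves of the same action are authorised differently: a user holding only `group_member_delete` sees a link that will not work, and the visibility check does not reflect who can actually perform the removal. Both places should test the same permission, whichever is intended, e.g. `if (permission_exists('user_delete') || if_group("superadmin")) {` here, or the corresponding change in the handler. Dropping the `$result_count > 1` guard also means a user's last remaining group can now be removed; if a user with no groups is not a supported state, that limit belongs in the delete handler rather than in the view, since the view check never protected against a direct request. The loop emitting these rows begins before the hunk.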
@@ -819,7 +821,7 @@ } echo "\n"; } - unset($sql, $prep_statement, $result, $result_count); + unset($sql, $prep_statement, $result); $sql = "select * from v_groups "; $sql .= "where (domain_uuid = '".$domain_uuid."' or domain_uuid is null) ";