diff --git a/app/controllers/admin/user.php b/app/controllers/admin/user.php
index 45802bc98e5f873067f358191151414bd3672452..17375d13aa844b22bdad4f38162cb3a74b4548b6 100644
--- a/app/controllers/admin/user.php
+++ b/app/controllers/admin/user.php
@@ -395,6 +395,7 @@ class Admin_UserController extends AuthenticatedController
 // Änderungen speichern
 if (Request::submitted('edit')) {
+ CSRFProtection::verifyUnsafeRequest();
 if (Request::get('auth_plugin') === 'preliminary') {
 Request::set('auth_plugin', null);
 }
@@ -406,11 +407,19 @@ class Admin_UserController extends AuthenticatedController
 if (count($editPerms)) {
 $editUser['auth_user_md5.perms'] = $editPerms[0];
 }
- foreach (['Vorname', 'Nachname', 'matriculation_number', 'auth_plugin', 'visible'] as $param) {
- if (Request::get($param)) $editUser['auth_user_md5.' . $param] = Request::get($param);
+ foreach (['Vorname', 'Nachname', 'auth_plugin', 'visible'] as $param) {
+ if (Request::get($param)) {
+ $editUser['auth_user_md5.' . $param] = Request::get($param);
+ }
+ }
+ if (Request::submitted('matriculation_number')) {
+ $editUser['auth_user_md5.matriculation_number'] = Request::get('matriculation_number');
 }
+
 foreach (words('title_front title_rear geschlecht preferred_language') as $param) {
- if (Request::get($param) !== null) $editUser['user_info.' . $param] = Request::get($param);
+ if (Request::submitted($param)) {
+ $editUser['user_info.' . $param] = Request::get($param);
+ }
 }
 //change username
 if (Request::get('username') && $this->user['username'] !== Request::get('username')) {
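Review bot: The new `CSRFProtection::verifyUnsafeRequest();` is only reached when the `edit` parameter is present, and `Request::submitted('edit')` does not constrain the HTTP method, so if verifyUnsafeRequest treats GET as a safe method (its name suggests it does) a GET request carrying `edit` would still reach the user writes in this branch without any token. Consider also requiring a POST for this branch, e.g. `if (Request::submitted('edit') && Request::isPost()) {` (confirm the helper name against the Request class), or at least state the assumption with `// verifyUnsafeRequest() only enforces the token on non-GET methods; the edit form must POST`. The action this branch belongs to starts before the hunk, so any other state-changing branches of the same method are not visible here and would need the same check.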
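Review bot: The `auth_user_md5` loop still gates on truthiness at `if (Request::get($param)) {` while the `user_info` loop and the new `matriculation_number` branch switched to `Request::submitted()`, so a value of `'0'` or an empty string posted for `visible`, `auth_plugin`, `Vorname` or `Nachname` is silently ignored, whereas the same input clears `title_front` or the matriculation number. If the intent is that name and visibility fields may never be blanked, a comment such as `// name/visibility fields keep the truthiness check: an empty submission must not blank them` would make that deliberate; otherwise use `Request::submitted($param)` here as well for consistency. `auth_plugin` is written straight from the request into `$editUser` without a check against the installed plugins; an invalid plugin name would only be rejected, if at all, by code outside this hunk. The enclosing method continues before and after the hunk.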