From 214d13f8121bae9b61025384cff69f06ab4bf46f Mon Sep 17 00:00:00 2001
From: Jan-Hendrik Willms <tleilax+studip@gmail.com>
Date: Mon, 16 Sep 2024 06:38:07 +0000
Subject: [PATCH] allow emptying of values in user administration, fixes #4584 Closes #4584 Merge request studip/studip!3394
---
 app/controllers/admin/user.php | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/app/controllers/admin/user.php b/app/controllers/admin/user.php
index 45802bc98e5..17375d13aa8 100644
--- a/app/controllers/admin/user.php
+++ b/app/controllers/admin/user.php
@@ -395,6 +395,7 @@ class Admin_UserController extends AuthenticatedController
 // Änderungen speichern
 if (Request::submitted('edit')) {
+ CSRFProtection::verifyUnsafeRequest();
 if (Request::get('auth_plugin') === 'preliminary') {
 Request::set('auth_plugin', null);
 }
@@ -406,11 +407,19 @@ class Admin_UserController extends AuthenticatedController
 if (count($editPerms)) {
 $editUser['auth_user_md5.perms'] = $editPerms[0];
 }
- foreach (['Vorname', 'Nachname', 'matriculation_number', 'auth_plugin', 'visible'] as $param) {
- if (Request::get($param)) $editUser['auth_user_md5.' . $param] = Request::get($param);
+ foreach (['Vorname', 'Nachname', 'auth_plugin', 'visible'] as $param) {
+ if (Request::get($param)) {
+ $editUser['auth_user_md5.' . $param] = Request::get($param);
+ }
+ }
+ if (Request::submitted('matriculation_number')) {
+ $editUser['auth_user_md5.matriculation_number'] = Request::get('matriculation_number');
 }
+
 foreach (words('title_front title_rear geschlecht preferred_language') as $param) {
- if (Request::get($param) !== null) $editUser['user_info.' . $param] = Request::get($param);
+ if (Request::submitted($param)) {
+ $editUser['user_info.' . $param] = Request::get($param);
+ }
 }
 //change username
 if (Request::get('username') && $this->user['username'] !== Request::get('username')) {
-- GitLab
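Review bot: The `CSRFProtection::verifyUnsafeRequest();` call added at the top of the `Request::submitted('edit')` branch (first hunk) is a security-relevant behaviour change, but neither the subject nor the description mentions it and the code has no comment explaining it. I would put a line such as `// state-changing branch: reject requests without a valid security token` above the call and mention the new check in the commit message, so that a later bisect or backport does not treat it as incidental. The action's body starts and ends outside this hunk, so it should be confirmed that the edit form actually emits the token. Any other writing branches of this action, which are not visible here, should be covered by the same check.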
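Review bot: In the second hunk, `Request::submitted()` only establishes that the key was sent, so the new `matriculation_number` block and the rewritten `user_info` loop write whatever `Request::get()` returns without checking it. The old `Request::get($param) !== null` guard in the `user_info` loop already allowed empty strings and kept null out of `$editUser`. If `Request::get()` returns null for non-string input such as an array-valued parameter, the new form stores that null. Reading the value once keeps the emptying behaviour without that gap: `$value = Request::get('matriculation_number');` then `if ($value !== null) { $editUser['auth_user_md5.matriculation_number'] = $value; }`, and the same shape inside the `user_info` loop. Whether an emptied matriculation number should be stored as `''` or as NULL also needs confirming, since the column's constraints and any lookups on it are outside this hunk.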