[Vtigercrm-developers] Security Patch - User Password Change broken?

Alan Lord alanslists at gmail.com
Thu Apr 4 12:33:35 UTC 2013


On 04/04/13 13:23, Alan Lord wrote:
> Anyone got any ideas?

Did a bit more digging.

In modules/Users/Save.php the test on line 54

if(!is_admin($current_user) && $_REQUEST['user_role'] != 
$current_user->roleid){

I did a print_r($_REQUEST) right before this test is run and there is no 
'user_role' value present...

So I reckon this is *never* going to pass if you are not admin.

Al







More information about the vtigercrm-developers mailing list