|
|
@@ -91,6 +91,10 @@ class FreshRSS_user_Controller extends Minz_ActionController {
|
|
|
}
|
|
|
|
|
|
public function updateAction() {
|
|
|
+ if (!FreshRSS_Auth::hasAccess('admin')) {
|
|
|
+ Minz_Error::error(403);
|
|
|
+ }
|
|
|
+
|
|
|
if (Minz_Request::isPost()) {
|
|
|
$passwordPlain = Minz_Request::param('newPasswordPlain', '', true);
|
|
|
Minz_Request::_param('newPasswordPlain'); //Discard plain-text password ASAP
|
|
|
@@ -104,8 +108,12 @@ class FreshRSS_user_Controller extends Minz_ActionController {
|
|
|
));
|
|
|
|
|
|
if ($ok) {
|
|
|
- Minz_Request::good(_t('feedback.user.updated', $username),
|
|
|
- array('c' => 'user', 'a' => 'manage'));
|
|
|
+ $isSelfUpdate = Minz_Session::param('currentUser', '_') === $username;
|
|
|
+ if ($passwordPlain == '' || !$isSelfUpdate) {
|
|
|
+ Minz_Request::good(_t('feedback.user.updated', $username), array('c' => 'user', 'a' => 'manage'));
|
|
|
+ } else {
|
|
|
+ Minz_Request::good(_t('feedback.profile.updated'), array('c' => 'index', 'a' => 'index'));
|
|
|
+ }
|
|
|
} else {
|
|
|
Minz_Request::bad(_t('feedback.user.updated.error', $username),
|
|
|
array('c' => 'user', 'a' => 'manage'));
|
|
|
@@ -138,8 +146,11 @@ class FreshRSS_user_Controller extends Minz_ActionController {
|
|
|
Minz_Session::_param('passwordHash', FreshRSS_Context::$user_conf->passwordHash);
|
|
|
|
|
|
if ($ok) {
|
|
|
- Minz_Request::good(_t('feedback.profile.updated'),
|
|
|
- array('c' => 'user', 'a' => 'profile'));
|
|
|
+ if ($passwordPlain == '') {
|
|
|
+ Minz_Request::good(_t('feedback.profile.updated'), array('c' => 'user', 'a' => 'profile'));
|
|
|
+ } else {
|
|
|
+ Minz_Request::good(_t('feedback.profile.updated'), array('c' => 'index', 'a' => 'index'));
|
|
|
+ }
|
|
|
} else {
|
|
|
Minz_Request::bad(_t('feedback.profile.error'),
|
|
|
array('c' => 'user', 'a' => 'profile'));
|
Alexandre Alapetite