Use username from the database if one is provided by the user

This fixes a bug where the new user name input by the user was invalid, causing the account deletion link and the form action to be wrong. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2025-02-03 10:43:03 +01:00 · 2015-07-19 22:32:04 +02:00 · 2015-07-19 22:32:04 +02:00 · 7927a6decd
commit 7927a6decd
parent f2ff9782a5
3 changed files with 9 additions and 7 deletions
--- a/web/html/account.php
+++ b/web/html/account.php
@ -61,7 +61,7 @@ if (isset($_COOKIE["AURSID"])) {
 					$row["AccountTypeID"], $row["Suspended"], $row["Email"],
 					"", "", $row["RealName"], $row["LangPreference"],
 					$row["IRCNick"], $row["PGPKey"], $PK,
-					$row["InactivityTS"] ? 1 : 0, $row["ID"]);
+					$row["InactivityTS"] ? 1 : 0, $row["ID"], $row["Username"]);
 			} else {
 				print __("You do not have permission to edit this account.");
 			}
@ -100,7 +100,7 @@ if (isset($_COOKIE["AURSID"])) {
 					in_request("E"), in_request("P"), in_request("C"),
 					in_request("R"), in_request("L"), in_request("I"),
 					in_request("K"), in_request("PK"), in_request("J"),
-					in_request("ID"));
+					in_request("ID"), $row["Username"]);
 		}
 	} else {
 		if (has_credential(CRED_ACCOUNT_SEARCH)) {
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@ -56,11 +56,12 @@ function html_format_pgp_fingerprint($fingerprint) {
 * @param string $PK The list of SSH public keys
 * @param string $J The inactivity status of the displayed user
 * @param string $UID The user ID of the displayed user
+ * @param string $N The username as present in the database
 *
 * @return void
 */
 function display_account_form($A,$U="",$T="",$S="",$E="",$P="",$C="",$R="",
-		$L="",$I="",$K="",$PK="",$J="", $UID=0) {
+		$L="",$I="",$K="",$PK="",$J="",$UID=0,$N="") {
 	global $SUPPORTED_LANGS;

 	include("account_edit_form.php");
@ -86,11 +87,12 @@ function display_account_form($A,$U="",$T="",$S="",$E="",$P="",$C="",$R="",
 * @param string $PK The list of public SSH keys
 * @param string $J The inactivity status of the user
 * @param string $UID The user ID of the modified account
+ * @param string $N The username as present in the database
 *
 * @return string|void Return void if successful, otherwise return error
 */
 function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",$P="",$C="",
-		$R="",$L="",$I="",$K="",$PK="",$J="",$UID=0) {
+		$R="",$L="",$I="",$K="",$PK="",$J="",$UID=0,$N="") {
 	global $SUPPORTED_LANGS;

 	$error = '';
@ -247,7 +249,7 @@ function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",$P="",$C="",
 	if ($error) {
 		print "<ul class='errorlist'><li>".$error."</li></ul>\n";
 		display_account_form($A, $U, $T, $S, $E, "", "",
-				$R, $L, $I, $K, $PK, $J, $UID);
+				$R, $L, $I, $K, $PK, $J, $UID, $N);
 		return;
 	}

--- a/web/template/account_edit_form.php
+++ b/web/template/account_edit_form.php
@ -1,9 +1,9 @@
 <?php if ($A == "UpdateAccount"): ?>
 <p>
-	<?= __('Click %shere%s if you want to permanently delete this account.', '<a href="' . get_user_uri($U) . 'delete/' . '">', '</a>') ?>
+	<?= __('Click %shere%s if you want to permanently delete this account.', '<a href="' . get_user_uri($N) . 'delete/' . '">', '</a>') ?>
 </p>

-<form id="edit-profile-form" action="<?= get_user_uri($U) . 'update/'; ?>" method="post">
+<form id="edit-profile-form" action="<?= get_user_uri($N) . 'update/'; ?>" method="post">
 <?php else: ?>
 <form id="edit-profile-form" action="<?= get_uri('/register/'); ?>" method="post">
 <?php endif; ?>