fix email leak in user search form
authorjoshuaruesweg <josh@joshsboard.de>
Thu, 19 Feb 2015 15:58:17 +0000 (16:58 +0100)
committerjoshuaruesweg <josh@joshsboard.de>
Thu, 19 Feb 2015 15:58:17 +0000 (16:58 +0100)
wcfsetup/install/files/lib/acp/action/UserQuickSearchAction.class.php
wcfsetup/install/files/lib/acp/form/UserSearchForm.class.php

index 4d5b1e99bdd48dbf573f2ea08bbe9929b0028dc7..9a1c8bba6d2a31809fea778130b0b61ba86cc357 100644 (file)
@@ -46,7 +46,7 @@ class UserQuickSearchAction extends AbstractAction {
         * shown columns
         * @var array<string>
         */
-       public $columns = array('email', 'registrationDate');
+       public $columns = array('registrationDate', 'lastActivityTime');
        
        /**
         * sort field
@@ -83,6 +83,11 @@ class UserQuickSearchAction extends AbstractAction {
                
                parent::execute();
                
+               // add email column for authorized users
+               if (WCF::getSession()->getPermission('admin.user.canEditMailAddress')) {
+                       array_unshift($this->columns, 'email');
+               }
+               
                switch ($this->mode) {
                        case 'banned':
                                $sql = "SELECT          user_table.userID
index 0735156f827e8eeb55974d09d0713a1f25b32ed9..ade5bfea1f5118f4e15283e4ac7df8323937df59 100755 (executable)
@@ -157,7 +157,7 @@ class UserSearchForm extends UserOptionListForm {
         * shown columns
         * @var array<string>
         */
-       public $columns = array('email', 'registrationDate');
+       public $columns = array('registrationDate', 'lastActivityTime');
        
        /**
         * number of results
@@ -231,6 +231,11 @@ class UserSearchForm extends UserOptionListForm {
        public function readData() {
                parent::readData();
                
+               // add email column for authorized users
+               if (WCF::getSession()->getPermission('admin.user.canEditMailAddress')) {
+                       array_unshift($this->columns, 'email');
+               }
+               
                $this->readOptionTree();
        }