From: joshuaruesweg
Date: Wed, 20 May 2015 15:28:44 +0000 (+0200)
Subject: fix email leak in user search form
X-Git-Tag: 2.1.5~45^2
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=7e4521a206f2514e303fef7bcb95c7491922cdbc;p=GitHub%2FWoltLab%2FWCF.git
fix email leak in user search form
---
diff --git a/wcfsetup/install/files/acp/templates/userSearch.tpl b/wcfsetup/install/files/acp/templates/userSearch.tpl
index d06c1c246c..b18b97d1e4 100644
--- a/wcfsetup/install/files/acp/templates/userSearch.tpl
+++ b/wcfsetup/install/files/acp/templates/userSearch.tpl
@@ -217,7 +217,9 @@
-
+ {if $__wcf->session->getPermission('admin.user.canEditMailAddress')}
+
+ {/if}
diff --git a/wcfsetup/install/files/lib/acp/form/UserSearchForm.class.php b/wcfsetup/install/files/lib/acp/form/UserSearchForm.class.php
index df27874eb1..ab5bcdb4c9 100755
--- a/wcfsetup/install/files/lib/acp/form/UserSearchForm.class.php
+++ b/wcfsetup/install/files/lib/acp/form/UserSearchForm.class.php
@@ -314,6 +314,11 @@ class UserSearchForm extends UserOptionListForm { public function validate() { AbstractForm::validate();
+ // remove email column for not authorized users
+ if (!WCF::getSession()->getPermission('admin.user.canEditMailAddress') && ($key = array_search('email', $this->columns)) !== false) {
+ unset($this->columns[$key]);
+ }
+ // do search $this->search();
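Review bot: `array_search()` returns only the first matching key, so the block added to validate() removes a single 'email' entry; if `$this->columns` can hold the value more than once (it appears to be filled from the submitted form, which is not visible in this hunk), a second entry would survive and the column would still be shown to users without `admin.user.canEditMailAddress`. Filtering every occurrence is safer: `$this->columns = array_diff($this->columns, array('email'));` inside the permission check. The userSearch.tpl hunk only hides the option in the form, so this server-side filter is the actual control and deserves a regression test. validate() continues past the end of the hunk, so whether search() or the result page reads the address by another path cannot be judged from here.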