Closes #1422 admin user actions now check for self before banning, deleting, or removing admin privileges

git-svn-id: http://code.elgg.org/elgg/trunk@7332 36083f99-b078-4883-b0ff-0f9b5a30f544

1 files changed, 9 insertions, 4 deletions

diff --git a/actions/admin/user/ban.php b/actions/admin/user/ban.php
index 6622673e6..5ad6c29c5 100644
--- a/actions/admin/user/ban.php
+++ b/actions/admin/user/ban.php
@@ -12,10 +12,15 @@
 admin_gatekeeper();
 
 $guid = get_input('guid');
-$obj = get_entity($guid);
+$user = get_entity($guid);
 
-if (($obj instanceof ElggUser) && ($obj->canEdit())) {
-	if ($obj->ban('banned')) {
+if ($guid == get_loggedin_userid()) {
+	register_error(elgg_echo('admin:user:self:ban:no'));
+	forward(REFERER);
+}
+
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+	if ($user->ban('banned')) {
 		system_message(elgg_echo('admin:user:ban:yes'));
 	} else {
 		register_error(elgg_echo('admin:user:ban:no'));
@@ -24,4 +29,4 @@ if (($obj instanceof ElggUser) && ($obj->canEdit())) {
 	register_error(elgg_echo('admin:user:ban:no'));
 }
 
-forward('pg/admin/user/');
\ No newline at end of file
+forward(REFERER);
\ No newline at end of file