Closes #1422 admin user actions now check for self before banning, deleting, or removing admin privileges

git-svn-id: http://code.elgg.org/elgg/trunk@7332 36083f99-b078-4883-b0ff-0f9b5a30f544
author: cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544> 2010-11-17 12:38:14 +0000
committer: cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544> 2010-11-17 12:38:14 +0000
commit: fc7f4e880ddfed812438fabc791c5f5056f541e6 (patch)
tree: 41e6146d1dc35e149b75047c9deef3f937765051 /actions/admin/user/delete.php
parent: 66b0b9fe69ed698249b35ccfa8b601110fa99964 (diff)
download: elgg-fc7f4e880ddfed812438fabc791c5f5056f541e6.tar.gz
elgg-fc7f4e880ddfed812438fabc791c5f5056f541e6.tar.bz2
1 files changed, 10 insertions, 5 deletions
diff --git a/actions/admin/user/delete.php b/actions/admin/user/delete.php
index e8d835722..a5e1886ec 100644
--- a/actions/admin/user/delete.php
+++ b/actions/admin/user/delete.php
@@ -15,13 +15,18 @@ admin_gatekeeper();
 
 // Get the user
 $guid = get_input('guid');
-$obj = get_entity($guid);
+$user = get_entity($guid);
 
-$name = $obj->name;
-$username = $obj->username;
+if ($guid == get_loggedin_userid()) {
+	register_error(elgg_echo('admin:user:self:delete:no'));
+	forward(REFERER);
+}
+
+$name = $user->name;
+$username = $user->username;
 
-if (($obj instanceof ElggUser) && ($obj->canEdit())) {
-	if ($obj->delete()) {
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+	if ($user->delete()) {
 		system_message(elgg_echo('admin:user:delete:yes', array($name)));
 	} else {
 		register_error(elgg_echo('admin:user:delete:no'));
author	cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>	2010-11-17 12:38:14 +0000
committer	cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>	2010-11-17 12:38:14 +0000
commit	fc7f4e880ddfed812438fabc791c5f5056f541e6 (patch)
tree	41e6146d1dc35e149b75047c9deef3f937765051 /actions/admin/user/delete.php
parent	66b0b9fe69ed698249b35ccfa8b601110fa99964 (diff)
download	elgg-fc7f4e880ddfed812438fabc791c5f5056f541e6.tar.gz elgg-fc7f4e880ddfed812438fabc791c5f5056f541e6.tar.bz2