From 4db6b4febf26bfa987ef741b0271ee44e5fb462e Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Mon, 25 Aug 2014 11:10:18 -0400
Subject: [PATCH] Merge branch 'stable-3.0.5' of git.ispconfig.org:ispconfig/ispconfig3 into stable-3.0.5

---
 interface/web/tools/user_settings.php |   14 +++++++++++---
 1 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/interface/web/tools/user_settings.php b/interface/web/tools/user_settings.php
index 42e5559..7065888 100644
--- a/interface/web/tools/user_settings.php
+++ b/interface/web/tools/user_settings.php
@@ -44,6 +44,10 @@
 //* Check permissions for module
 $app->auth->check_module_permissions('tools');
 
+if($_SESSION['s']['user']['typ'] == 'admin') {
+	$app->auth->check_security_permissions('admin_allow_new_admin');
+}
+
 // Loading classes
 $app->uses('tpl,tform,tform_actions');
 $app->load('tform_actions');
@@ -63,7 +67,7 @@
 		$app->tform->loadFormDef($tform_def_file);
 
 		// Importing ID
-		$this->id = $_SESSION['s']['user']['userid'];
+		$this->id = $app->functions->intval($_SESSION['s']['user']['userid']);
 		$_POST['id'] = $_SESSION['s']['user']['userid'];
 
 		if(count($_POST) > 1) {
@@ -86,8 +90,12 @@
 		if($_POST['passwort'] != $_POST['repeat_password']) {
 			$app->tform->errorMessage = $app->tform->lng('password_mismatch');
 		}
-		$_SESSION['s']['user']['language'] = $_POST['language'];
-		$_SESSION['s']['language'] = $_POST['language'];
+		if(preg_match('/[a-z]{2}/',$_POST['language'])) {
+			$_SESSION['s']['user']['language'] = $_POST['language'];
+			$_SESSION['s']['language'] = $_POST['language'];
+		} else {
+			$app->error('Invalid language.');
+		}
 	}
 
 

--
Gitblit v1.9.1