From: Vincent Zanotti
Date: Sat, 4 Apr 2009 10:13:49 +0000 (+0200)
Subject: Prevents password hashs from being broadcasted by email (Closes #965).
X-Git-Tag: xorg/0.10.1~124
X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=8e3803d81ad0d7cc45174c3fe285d47df2adb579;p=platal.git
Prevents password hashs from being broadcasted by email (Closes #965).
Signed-off-by: Vincent Zanotti
---
diff --git a/modules/admin.php b/modules/admin.php
index 40df9da..9c84011 100644
--- a/modules/admin.php
+++ b/modules/admin.php
@@ -572,6 +572,12 @@ class AdminModule extends PLModule
 user_reindex($user->id());
 $new_fields = XDB::query($watch_query, $user->id())->fetchOneAssoc();
+ // Redacts the password in the notification, to avoiding transmitting
+ // sensitive information by email.
+ $new_fields['password'] = ($old_fields['password'] != $new_fields['password'] ? 'new' : 'old');
+ $old_fields['password'] = 'old';
+
+ // Emails the admins to notify the profile update.
 $mailer = new PlMailer("admin/useredit.mail.tpl");
 $mailer->assign("admin", S::user()->login());
 $mailer->assign("user", $user->login());
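Review bot: The added `$new_fields['password']` line compares the two stored hashes with loose `!=`, so PHP treats two numeric-looking strings as numbers. If the hashes are hex digests, two different values of the form `0e` followed only by digits would compare equal, and a real password change would be reported to the admins as 'old'. A strict comparison avoids this: `$new_fields['password'] = ($old_fields['password'] !== $new_fields['password'] ? 'new' : 'old');`. The redaction also covers only the `password` key, so any other sensitive column selected by `$watch_query` (defined outside this hunk) would still be mailed; it is worth confirming that list, or building the mail from an explicit set of fields allowed to leave the database. The enclosing method starts and ends outside the hunk, so whether `$old_fields` is read again after being overwritten with 'old' cannot be checked from here.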