summaryrefslogtreecommitdiffstats
path: root/editusers.cgi
diff options
context:
space:
mode:
authorgerv%gerv.net <>2002-05-02 05:54:10 +0200
committergerv%gerv.net <>2002-05-02 05:54:10 +0200
commite3fe36b5ef56c20b3c3fa4edea99c5de2febb9a2 (patch)
tree7c18c8464b5e491df6a86262c821e4a58300057e /editusers.cgi
parenta4185828bb55a5c55c8a1da1a8e319caf16e4478 (diff)
downloadbugzilla-e3fe36b5ef56c20b3c3fa4edea99c5de2febb9a2.tar.gz
bugzilla-e3fe36b5ef56c20b3c3fa4edea99c5de2febb9a2.tar.xz
Bug 141557 - modification to user deletion code in editusers.cgi - prevent allowuserdeletion being bypassed. Patch by gerv; 2xr=myk.
Diffstat (limited to 'editusers.cgi')
-rwxr-xr-xeditusers.cgi2
1 files changed, 2 insertions, 0 deletions
diff --git a/editusers.cgi b/editusers.cgi
index ad124032e..06c293e2d 100755
--- a/editusers.cgi
+++ b/editusers.cgi
@@ -528,6 +528,7 @@ if ($action eq 'del') {
if (!$candelete) {
print "Sorry, deleting users isn't allowed.";
PutTrailer();
+ exit;
}
if (!$editall) {
print "Sorry, you don't have permissions to delete users.";
@@ -657,6 +658,7 @@ if ($action eq 'delete') {
if (!$candelete) {
print "Sorry, deleting users isn't allowed.";
PutTrailer();
+ exit;
}
if (!$editall) {
print "Sorry, you don't have permissions to delete users.";