Skip to content

Commit 2757279

Browse files
author
Kristan Kenney
committed
Prevent other admins from accessing edit user page for default admin
1 parent 8afc997 commit 2757279

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

web/edit/user/index.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@
2323
}
2424

2525
// Prevent other users with admin privileges from editing properties of default 'admin' user
26-
if (($_SESSION['userContext'] == 'admin') && (isset($_SESSION['look']) && ($user == 'admin'))) {
26+
if (($_SESSION['userContext'] == 'admin') && (isset($_SESSION['look'])) && ($user == 'admin') || ($_SESSION['userContext'] == 'admin') && (!isset($_SESSION['look'])) && ($user == 'admin') && ($_SESSION['user'] != 'admin')) {
2727
header("Location: /list/user/");
2828
exit;
2929
}

0 commit comments

Comments
 (0)