Fix for https://bugs.cacert.org/view.php?id=1195

"Take out change ability on pages/account/6.php"
11 years ago · 0d230706fc
parent e75af67956
commit 0d230706fc
3 changed files with 3 additions and 39 deletions
--- a/includes/account.php
+++ b/includes/account.php
@ -1189,24 +1189,6 @@
 		exit;
 	}
 	if($oldid == 6 && $_REQUEST['certid'] != "")
 	{
 		if(trim($_REQUEST['description']) != ""){
 			$description= trim(mysql_real_escape_string(stripslashes($_REQUEST['description'])));
 		}else{
 			$description= "";
 		}
 		if(trim($_REQUEST['disablelogin']) == "1"){
 			$disablelogin = 1;
 		}else{
 			$disablelogin = 0;
 		}
 		mysql_query("update `emailcerts` set `disablelogin`='$disablelogin', `description`='$description' where `id`='".$_REQUEST['certid']."' and `memid`='".$_SESSION['profile']['id']."'");
 	}
 	if($oldid == 13 && $process != "" && $showdetails!="")
 	{
 		csrf_check("perschange");
--- a/pages/account/5.php
+++ b/pages/account/5.php
@ -91,7 +91,7 @@
    <td class="DataTD"><?=$row['revoke']?></td>
    <td class="DataTD"><?=$row['expires']?></td>
    <td class="DataTD">
-      <input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/>
+      <input type="checkbox" name="disablelogin_<?=$row['id']?>" value="1" <?=$row['disablelogin']?"":'checked="checked"'?>/>
      <input type="hidden" name="cert_<?=$row['id']?>" value="1" />
    </td>
    <td class="DataTD"><input name="comment_<?=$row['id']?>" type="text" value="<?=htmlspecialchars($row['description'])?>" /></td>
--- a/pages/account/6.php
+++ b/pages/account/6.php
@ -115,7 +115,6 @@ if (array_key_exists('format', $_REQUEST)) {
 	echo "<pre>$cert</pre>";
 	?>
 <form method="post" action="account.php">
 <table align="center" valign="middle" border="0" cellspacing="0" cellpadding="0" class="wrapper">
 	<tr>
 		<td colspan="2" class="title"><?=_("Information about the certificate")?></td>
@ -132,16 +131,6 @@ if (array_key_exists('format', $_REQUEST)) {
 	if($row['revoked'] == 0)
 		$row['revoke'] = _("Not Revoked");
 ?>
 	<tr>
 		<td class="DataTD"><?=_("Renew/Revoke/Delete")?></td>
 <? if($verified != _("Pending") && $verified != _("Revoked")) { ?>
 		<td class="DataTD"><input type="checkbox" name="revokeid[<?=$row['id']?>]" ></td>
 <? } else if($verified != _("Revoked")) { ?>
 		<td class="DataTD"><input type="checkbox" name="delid[<?=$row['id']?>]"></td>
 <? } else { ?>
 		<td class="DataTD">&nbsp;</td>
 <? } ?>
 	</tr>
 	<tr>
 		<td class="DataTD"><?=_("Status")?></td>
 		<td class="DataTD"><?=$verified?></td>
@ -165,21 +154,14 @@ if (array_key_exists('format', $_REQUEST)) {
 	<tr>
 		<td class="DataTD"><?=_("Login")?></td>
 		<td class="DataTD">
-			<input type="checkbox" name="disablelogin" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/>
+			<input type="checkbox" name="disablelogin" disabled="disabled" value="1" <?=$row['disablelogin']?"":"checked='checked'"?>/>
 		</td>
 	</tr>
 	<tr>
 		<td class="DataTD"><?=_("Comment")?></td>
-		<td class="DataTD"><input type="text" name="description" maxlength="100" size=100 value="<?=htmlspecialchars($row['description'])?>"></td>
+		<td class="DataTD"><?=htmlspecialchars($row['description'])?></td>
 	</tr>
 	<tr>
 		<td class="DataTD" colspan="2"><input type="submit" name="change" value="<?=_("Change settings")?>"> </td>
 	</tr>
 </table>
 <input type="hidden" name="oldid" value="6">
 <input type="hidden" name="certid" value="<?=$certid?>">
 </form>
 <?
 	showfooter();
 	exit;