summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2015-09-28 23:29:59 +0200
committerJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2015-09-28 23:29:59 +0200
commit14c47f4d8506334bff1137d0190c82917d471a31 (patch)
tree17a1309f4c7d6abcc2585981021004097f901e59
parent7af384d1ab11d773ecabf9f71c21f2fcfe758e07 (diff)
downloadwebadmin-kolab-webadmin-3.2.10.tar.gz
The client user-interface, and not the API, should protect a user against removing their own entry (#1080).kolab-webadmin-3.2.10
The API however must continue to allow the user to delete one-self.
-rw-r--r--lib/Auth/LDAP.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/Auth/LDAP.php b/lib/Auth/LDAP.php
index 29fd3e1..06aed37 100644
--- a/lib/Auth/LDAP.php
+++ b/lib/Auth/LDAP.php
@@ -1173,7 +1173,7 @@ class LDAP extends Net_LDAP3 {
$entry_dn = $this->entry_dn($entry, $attributes, $base_dn);
// object not found or self deletion
- if (!$entry_dn || $entry_dn == $_SESSION['user']->user_bind_dn) {
+ if (!$entry_dn) {
return false;
}