summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorErik Webb2012-01-11 17:27:48 (GMT)
committer Erik Webb2012-01-11 17:27:48 (GMT)
commit3c688c3b4a3ed96fdc4b89883595633338c7ebb6 (patch)
tree75ec5e8fe716916fee6b816a25d12b62976b763e
parent355580d1f0ee6aa372d801896014a638eae653a4 (diff)
Adds text sanitization to policy names and confirmation form for unblocking users.6.x-1.4
-rw-r--r--password_policy.admin.inc2
-rw-r--r--password_policy.module48
2 files changed, 41 insertions, 9 deletions
diff --git a/password_policy.admin.inc b/password_policy.admin.inc
index 56b9590..4f25be6 100644
--- a/password_policy.admin.inc
+++ b/password_policy.admin.inc
@@ -135,7 +135,7 @@ function password_policy_admin_list() {
if ($row['enabled']) {
$enabled[] = $pid;
}
- $form[$pid]['name'] = array('#value' => $row['name']);
+ $form[$pid]['name'] = array('#value' => check_plain($row['name']));
$form[$pid]['roles'] = array('#value' => theme('item_list', _password_policy_admin_list_roles($pid)));
$form['weight'][$pid] = array('#type' => 'weight', '#default_value' => $row['weight']);
$form[$pid]['view'] = array('#value' => l(t('view'), 'admin/settings/password_policy/'. $pid));
diff --git a/password_policy.module b/password_policy.module
index b073806..f275785 100644
--- a/password_policy.module
+++ b/password_policy.module
@@ -145,8 +145,8 @@ function password_policy_menu() {
$items['admin/user/expired/unblock/%pp_uid'] = array(
'title' => 'Unblock',
'type' => MENU_CALLBACK,
- 'page callback' => 'password_policy_expired_unblock',
- 'page arguments' => array(4),
+ 'page callback' => 'drupal_get_form',
+ 'page arguments' => array('password_policy_expired_unblock_confirm', 4),
'access arguments' => array('unblock expired accounts'),
);
return $items;
@@ -551,7 +551,7 @@ function password_policy_expired_list() {
$entry[$row->uid]['name'] = l($row->name, 'user/'. $row->uid);
$entry[$row->uid]['blocked'] = format_date($row->blocked, 'medium');
$entry[$row->uid]['unblocked'] = $row->unblocked < $row->blocked ? '' : format_date($row->unblocked, 'medium');
- $entry[$row->uid]['action'] = $row->unblocked < $row->blocked ? l(t('unblock'), 'admin/user/expired/unblock/'. $row->uid) : '';
+ $entry[$row->uid]['action'] = $row->unblocked < $row->blocked ? l(t('unblock'), 'admin/user/expired/unblock/' . $row->uid, array('query' => array('destination' => 'admin/user/expired'))) : '';
}
if (!isset($entry)) {
$colspan = '4';
@@ -564,11 +564,30 @@ function password_policy_expired_list() {
}
/**
+ * Confirm unblocking the expired account.
+ */
+function password_policy_expired_unblock_confirm($form, $account) {
+ return confirm_form(
+ array(
+ 'account' => array(
+ '#type' => 'value',
+ '#value' => $account,
+ ),
+ ),
+ t('Are you sure you would like to unblock the user %user?', array('%user' => $account->name)),
+ 'admin/user/expired',
+ t('This action cannot be undone.'),
+ t('Unblock user'),
+ t('Cancel')
+ );
+}
+
+/**
* Unblocks the expired account.
*/
-function password_policy_expired_unblock($account) {
+function password_policy_expired_unblock_confirm_submit($form, &$form_state) {
// Unblock the user
- _password_policy_unblock($account);
+ _password_policy_unblock($form_state['values']['account']);
drupal_goto('admin/user/expired');
}
@@ -833,9 +852,22 @@ function _password_policy_block_account($account) {
* User object.
*/
function _password_policy_unblock($account) {
- // Unblock the user.
- user_save($account, array('status' => 1));
- drupal_set_message(t('The user %name has been unblocked.', array('%name' => $account->name)));
+ // Check if user was blocked via this module.
+ $pp_blocked = db_result(db_query(
+ 'SELECT pid FROM {password_policy_expiration} ppe
+ WHERE blocked <> 0
+ AND unblocked IS NULL
+ AND uid = %d', $account->uid
+ ));
+
+ if ($pp_blocked) {
+ db_query('UPDATE {password_policy_expiration} ppe
+ SET unblocked = %d
+ WHERE uid = %d AND unblocked IS NULL', time(), $account->uid);
+ // Unblock the user.
+ user_save($account, array('status' => 1));
+ drupal_set_message(t('The user %name has been unblocked.', array('%name' => $account->name)));
+ }
}
/**