prevent admin hijacks

2011-01-04 22:17:58 -08:00
parent 45c1559b38
commit bb0c24bd4f
3 changed files with 10 additions and 1 deletions
--- a/mod/settings.php
+++ b/mod/settings.php
@@ -95,6 +95,10 @@ function settings_post(&$a) {
 		$email_changed = true;
        if(! valid_email($email))
 			$err .= t(' Not valid email.');
+		if((x($a->config,'admin_email')) && (strcasecmp($email,$a->config['admin_email']) == 0)) {
+			$err .= t(' Cannot change to that email.');
+			$email = $a->user['email'];
+		}
 	}

 	if(strlen($err)) {