bug 1236: Fixed show detail problem
authorINOPIAE <inopiae@cacert.org>
Mon, 6 Jan 2014 08:19:30 +0000 (09:19 +0100)
committerINOPIAE <inopiae@cacert.org>
Mon, 6 Jan 2014 08:19:30 +0000 (09:19 +0100)
includes/account.php

index f28cf49..67f0e7a 100644 (file)
@@ -25,6 +25,8 @@
        $id = 0; if(array_key_exists("id",$_REQUEST)) $id=intval($_REQUEST['id']);
        $oldid = 0; if(array_key_exists("oldid",$_REQUEST)) $oldid=intval($_REQUEST['oldid']);
        $process = ""; if(array_key_exists("process",$_REQUEST)) $process=$_REQUEST['process'];
+//     $showdetalis refers to Secret Question and Answers from account/13.php
+       $showdetails = ""; if(array_key_exists("showdetails",$_REQUEST)) $showdetails=$_REQUEST['showdetails'];
 
        $cert=0; if(array_key_exists('cert',$_REQUEST)) $cert=intval($_REQUEST['cert']);
        $orgid=0; if(array_key_exists('orgid',$_REQUEST)) $orgid=intval($_REQUEST['orgid']);
                mysql_query("update `emailcerts` set `disablelogin`='$disablelogin', `description`='$description' where `id`='".$_REQUEST['certid']."' and `memid`='".$_SESSION['profile']['id']."'");
        }
 
-       if($oldid == 13 && $process != "")
+       if($oldid == 13 && $process != "" && $showdetails!="")
        {
                csrf_check("perschange");
                $_SESSION['_config']['user'] = $_SESSION['profile'];
                                                where `id`='".$_SESSION['profile']['id']."'";
                        mysql_query($query);
                }
-               $query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."',
-                                               `Q2`='".$_SESSION['_config']['user']['Q2']."',
-                                               `Q3`='".$_SESSION['_config']['user']['Q3']."',
-                                               `Q4`='".$_SESSION['_config']['user']['Q4']."',
-                                               `Q5`='".$_SESSION['_config']['user']['Q5']."',
-                                               `A1`='".$_SESSION['_config']['user']['A1']."',
-                                               `A2`='".$_SESSION['_config']['user']['A2']."',
-                                               `A3`='".$_SESSION['_config']['user']['A3']."',
-                                               `A4`='".$_SESSION['_config']['user']['A4']."',
-                                               `A5`='".$_SESSION['_config']['user']['A5']."'
-                                               where `id`='".$_SESSION['profile']['id']."'";
-               mysql_query($query);
+               if ($showdetails!="") {
+                       $query = "update `users` set `Q1`='".$_SESSION['_config']['user']['Q1']."',
+                                                       `Q2`='".$_SESSION['_config']['user']['Q2']."',
+                                                       `Q3`='".$_SESSION['_config']['user']['Q3']."',
+                                                       `Q4`='".$_SESSION['_config']['user']['Q4']."',
+                                                       `Q5`='".$_SESSION['_config']['user']['Q5']."',
+                                                       `A1`='".$_SESSION['_config']['user']['A1']."',
+                                                       `A2`='".$_SESSION['_config']['user']['A2']."',
+                                                       `A3`='".$_SESSION['_config']['user']['A3']."',
+                                                       `A4`='".$_SESSION['_config']['user']['A4']."',
+                                                       `A5`='".$_SESSION['_config']['user']['A5']."'
+                                                       where `id`='".$_SESSION['profile']['id']."'";
+                       mysql_query($query);
+               }
 
                //!!!Should be rewritten
                $_SESSION['_config']['user']['otphash'] = trim(mysql_real_escape_string(stripslashes(strip_tags($_REQUEST['otphash']))));