From: Brion Vibber <brion@users.mediawiki.org>
Date: Fri, 28 Dec 2007 02:53:19 +0000 (+0000)
Subject: Move input validation for groups changes up so the logging matches the actions performed
X-Git-Tag: 1.31.0-rc.0~50249
X-Git-Url: https://git.cyclocoop.org/%28%28?a=commitdiff_plain;h=504a0b878311f378a1c8f152f4816bda59d2b2eb;p=lhc%2Fweb%2Fwiklou.git

Move input validation for groups changes up so the logging matches the actions performed
---

diff --git a/includes/SpecialUserrights.php b/includes/SpecialUserrights.php
index 634fb3f2e6..5dfe4dacb6 100644
--- a/includes/SpecialUserrights.php
+++ b/includes/SpecialUserrights.php
@@ -94,24 +94,27 @@ class UserrightsForm extends HTMLForm {
 		if( !$user ) {
 			return;
 		}
+		
+		// Validate input set...
+		$changeable = $this->changeableGroups();
+		$removegroup = array_unique(
+			array_intersect( (array)$removegroup, $changeable['remove'] ) );
+		$addgroup = array_unique(
+			array_intersect( (array)$addgroup, $changeable['add'] ) );
 
 		$oldGroups = $user->getGroups();
 		$newGroups = $oldGroups;
 		// remove then add groups
-		if(isset($removegroup)) {
+		if( $removegroup ) {
 			$newGroups = array_diff($newGroups, $removegroup);
 			foreach( $removegroup as $group ) {
-				if( $this->canRemove( $group ) ) {
-					$user->removeGroup( $group );
-				}
+				$user->removeGroup( $group );
 			}
 		}
-		if(isset($addgroup)) {
+		if( $addgroup ) {
 			$newGroups = array_merge($newGroups, $addgroup);
 			foreach( $addgroup as $group ) {
-				if( $this->canAdd( $group ) ) {
-					$user->addGroup( $group );
-				}
+				$user->addGroup( $group );
 			}
 		}
 		$newGroups = array_unique( $newGroups );