When editing a user, if role is not client, some fields should be alw…

…ays null (phone, contact, address)
projectsend · Jan 19, 2022 · beacbae · beacbae
1 parent 3cf659e
commit beacbae
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/includes/Classes/Users.php b/includes/Classes/Users.php
@@ -550,6 +550,14 @@ public function edit()
 
         $this->password_hashed = $this->hashPassword($this->password);
 
+        // Some fields should not be allowed to be written if the current user is not a client,
+        // as they are meant to be null for system users
+        if ($this->role != 0) {
+            $this->address = null;
+            $this->phone = null;
+            $this->contact = null;
+        }
+
 		if (strlen($this->password_hashed) >= 20) {
 
 			$this->state['hash'] = 1;