Merge pull request #212 from iConn/patch-4

Critical Security - Privilege Scalation
thyseus · Sep 15, 2016 · fc27335 · fc27335
2 parents f314752 + e12c745
commit fc27335
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/user/controllers/YumUserController.php b/user/controllers/YumUserController.php
@@ -233,6 +233,7 @@ public function actionUpdate($id) {
 
 		if(isset($_POST['YumUser'])) {
 			$user->attributes = $_POST['YumUser'];
+			$user->scenario = Yii::app()->user->hasRole('UserManager') ? 'managerUserUpdate' : 'userUpdate';
 
 			$user->validate();
 			if($profile && isset($_POST['YumProfile']) )