From 5d854dcce1702532c6b3b17dbc97f5db5a036bea Mon Sep 17 00:00:00 2001
From: javieralapps4up
Date: Thu, 21 Oct 2021 18:17:43 +0200
Subject: [PATCH 1/3] FIX #19064 Access forbidden when the password of other users is changed Steps to reproduce the behavior User with lire and password (user) perms, but no creer. When this user saves or cancels the edition of the password of another user, he is sent to the prohibited page
---
 htdocs/core/lib/security.lib.php | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index 4c36244a5bf..89211113d58 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
@@ -417,6 +417,9 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f
 if ($subfeature == 'user' && $user->id == $objectid && $user->rights->user->self->password) {
 continue; // User can edit its own password
 }
+if ($subfeature == 'user' && $user->id != $objectid && $user->rights->user->user->password) {
+continue; // User can edit its own password
+}
 if (empty($user->rights->$feature->$subfeature->creer)
 && empty($user->rights->$feature->$subfeature->write)
From f50dfe85717f1ac9b875ec1a0be66542f82b4ae8 Mon Sep 17 00:00:00 2001
From: javieralapps4up
Date: Thu, 21 Oct 2021 18:20:06 +0200
Subject: [PATCH 2/3] Update security.lib.php
---
 htdocs/core/lib/security.lib.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/htdocs/core/lib/security.lib.php b/htdocs/core/lib/security.lib.php
index 89211113d58..978fd604021 100644
--- a/htdocs/core/lib/security.lib.php
+++ b/htdocs/core/lib/security.lib.php
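Review bot: The new `continue` on the added `if ($subfeature == 'user' && $user->id != $objectid && $user->rights->user->user->password)` line skips the creer/write check that follows for every `user` subfeature call whose `$objectid` differs from the caller's id, which includes the default `$objectid = 0` visible in the signature, so a user holding only the change-others-password right would presumably pass a restrictedArea() call that names no object at all (a create page, for instance). The sibling self-password branch just above is bound to one object by `$user->id == $objectid`; this one should be bound the same way, `if ($subfeature == 'user' && $objectid > 0 && $user->id != $objectid && $user->rights->user->user->password) {`. Even then the bypass covers any write action on another user's record rather than only the password one, so the field-level gates in user/card.php (the third patch shows one such `$caneditfield` test) apparently remain the real control, which is worth stating in the comment, e.g. `// Right to change others' password only bypasses the generic write check; per-field rights are enforced in user/card.php`. The same line is touched again in the second patch's hunk (comment wording only), and restrictedArea() begins and ends outside this hunk.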
@@ -418,7 +418,7 @@ function restrictedArea($user, $features, $objectid = 0, $tableandshare = '', $f
 continue; // User can edit its own password
 }
 if ($subfeature == 'user' && $user->id != $objectid && $user->rights->user->user->password) {
-continue; // User can edit its own password
+continue; // User can edit another user's password
 }
 if (empty($user->rights->$feature->$subfeature->creer)
From 0020a5c61c8ed1e6265baee6dc115643d143b2f6 Mon Sep 17 00:00:00 2001
From: javieralapps4up
Date: Fri, 22 Oct 2021 02:53:37 +0200
Subject: [PATCH 3/3] Update card.php When you edit a user (with read others and change password others), the form allows the civility_code to be changed but the changes are not saved. I will propose a change in the user card to avoid this
---
 htdocs/user/card.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/htdocs/user/card.php b/htdocs/user/card.php
index 8d03d1d1cfb..429de7fd1a6 100644
--- a/htdocs/user/card.php
+++ b/htdocs/user/card.php
@@ -2036,7 +2036,11 @@ if ($action == 'create' || $action == 'adduserldap') {
 // Civility
 print '';
-print $formcompany->select_civility(GETPOSTISSET("civility_code") ? GETPOST("civility_code", 'aZ09') : $object->civility_code, 'civility_code');
+if ($caneditfield && !$object->ldap_sid) {
+print $formcompany->select_civility(GETPOSTISSET("civility_code") ? GETPOST("civility_code", 'aZ09') : $object->civility_code, 'civility_code');
+} elseif ($object->civility_code) {
+print $langs->trans("Civility".$object->civility_code);
+}
 print '';
 // Lastname
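Review bot: Hiding the select behind `if ($caneditfield && !$object->ldap_sid)` in the card.php hunk is a display-side change only; it is the right outcome solely if the update handler also discards a posted `civility_code` for a user who fails that same test, and the handler is outside this hunk, so that should be confirmed rather than inferred from the commit message's statement that such changes were already not saved. `$caneditfield` and `$object->ldap_sid` are computed earlier in card.php, also outside the hunk, and the `elseif ($object->civility_code)` branch leaves an LDAP-managed or empty civility with no output at all, which looks intentional but is undocumented. A short comment above the new `if`, e.g. `// Civility is editable only with full user edit rights on a non-LDAP user; otherwise show the stored value read-only`, would make the gate explicit beside the Lastname block that follows. The enclosing form block starts before the hunk and continues past it.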