cast $newRole to int when passed to setRole()

SeedDMS_Core/Core/inc.ClassUser.php

@@ -472,7 +472,8 @@ class SeedDMS_Core_User { /* {{{ */
 	 */
 	function setRole($newrole) { /* {{{ */
 		$db = $this->_dms->getDB();
-		$newrole = intval($newrole);
+		if(!in_array($newrole, array(SeedDMS_Core_User::role_admin, SeedDMS_Core_User::role_guest, SeedDMS_Core_User::role_user), true))
+			return false;
 
 		$queryStr = "UPDATE `tblUsers` SET `role` = " . $newrole . " WHERE `id` = " . $this->_id;
 		if (!$db->getResult($queryStr))