diff options
Diffstat (limited to 'phpBB/includes/functions_user.php')
| -rw-r--r-- | phpBB/includes/functions_user.php | 46 |
1 files changed, 42 insertions, 4 deletions
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index d019b867fa..5f2dea3b94 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -26,8 +26,10 @@ if (!defined('IN_PHPBB')) * @param array &$user_id_ary The user ids to check or empty if usernames used * @param array &$username_ary The usernames to check or empty if user ids used * @param mixed $user_type Array of user types to check, false if not restricting by user type +* @param boolean $update_references If false, the supplied array is unset and appears unchanged from where it was called +* @return boolean|string Returns false on success, error string on failure */ -function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false) +function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false, $update_references = false) { global $db; @@ -50,7 +52,13 @@ function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false) } $sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', ${$which_ary}) : array_map('utf8_clean_string', ${$which_ary}); - unset(${$which_ary}); + + // By unsetting the array here, the values passed in at the point user_get_id_name() was called will be retained. + // Otherwise, if we don't unset (as the array was passed by reference) the original array will be updated below. + if ($update_references === false) + { + unset(${$which_ary}); + } $user_id_ary = $username_ary = array(); @@ -666,8 +674,30 @@ function user_delete($mode, $user_ids, $retain_username = true) delete_posts('poster_id', $user_ids); } - $table_ary = array(USERS_TABLE, USER_GROUP_TABLE, TOPICS_WATCH_TABLE, FORUMS_WATCH_TABLE, ACL_USERS_TABLE, TOPICS_TRACK_TABLE, TOPICS_POSTED_TABLE, FORUMS_TRACK_TABLE, PROFILE_FIELDS_DATA_TABLE, MODERATOR_CACHE_TABLE, DRAFTS_TABLE, BOOKMARKS_TABLE, SESSIONS_KEYS_TABLE, PRIVMSGS_FOLDER_TABLE, PRIVMSGS_RULES_TABLE, $phpbb_container->getParameter('tables.auth_provider_oauth_token_storage'), $phpbb_container->getParameter('tables.auth_provider_oauth_states'), $phpbb_container->getParameter('tables.auth_provider_oauth_account_assoc')); - + $table_ary = [ + USERS_TABLE, + USER_GROUP_TABLE, + TOPICS_WATCH_TABLE, + FORUMS_WATCH_TABLE, + ACL_USERS_TABLE, + TOPICS_TRACK_TABLE, + TOPICS_POSTED_TABLE, + FORUMS_TRACK_TABLE, + PROFILE_FIELDS_DATA_TABLE, + MODERATOR_CACHE_TABLE, + DRAFTS_TABLE, + BOOKMARKS_TABLE, + SESSIONS_KEYS_TABLE, + PRIVMSGS_FOLDER_TABLE, + PRIVMSGS_RULES_TABLE, + $phpbb_container->getParameter('tables.auth_provider_oauth_token_storage'), + $phpbb_container->getParameter('tables.auth_provider_oauth_states'), + $phpbb_container->getParameter('tables.auth_provider_oauth_account_assoc'), + $phpbb_container->getParameter('tables.user_notifications') + ]; + + // Ignore errors on deleting from non-existent tables, e.g. when migrating + $db->sql_return_on_error(true); // Delete the miscellaneous (non-post) data for the user foreach ($table_ary as $table) { @@ -675,6 +705,7 @@ function user_delete($mode, $user_ids, $retain_username = true) WHERE " . $user_id_sql; $db->sql_query($sql); } + $db->sql_return_on_error(); $cache->destroy('sql', MODERATOR_CACHE_TABLE); @@ -2676,6 +2707,13 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false, return 'NO_USER'; } + // Because the item that gets passed into the previous function is unset, the reference is lost and our original + // array is retained - so we know there's a problem if there's a different number of ids to usernames now. + if (count($user_id_ary) != count($username_ary)) + { + return 'GROUP_USERS_INVALID'; + } + // Remove users who are already members of this group $sql = 'SELECT user_id, group_leader FROM ' . USER_GROUP_TABLE . ' |