Diffstat (limited to 'phpBB/includes')
-rw-r--r--phpBB/includes/auth.php12
-rw-r--r--phpBB/includes/functions_user.php26
2 files changed, 21 insertions, 17 deletions
diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php
index de1b669eba..3b05652a87 100644
--- a/phpBB/includes/auth.php
+++ b/phpBB/includes/auth.php
@@ -486,8 +486,8 @@ class auth
{
global $db;
- $sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : $db->sql_in_set('user_id', $user_id)) : '';
- $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : '';
+ $sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? 'user_id = ' . (int) $user_id : $db->sql_in_set('user_id', array_map('intval', $user_id))) : '';
+ $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : '';
$sql_opts = '';
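Review bot: A non-numeric `$user_id` or `$forum_id` is now coerced to 0 by `(int)` / `array_map('intval', ...)` rather than rejected, so a malformed id silently queries `user_id = 0` or `a.forum_id = 0`; if 0 carries meaning in the ACL tables (global permissions, it appears — confirm), callers should validate ids before they reach this method. The same pair of nested ternaries recurs in the hunks at -628 and -682, so a small private helper that takes a column name and an id-or-array and returns the integer-safe condition would keep the three copies from drifting apart. A comment such as `// ids are interpolated unquoted: force integers before building the WHERE clause` above the first assignment would record why the cast is there. The enclosing method starts and ends outside the hunk.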
@@ -628,8 +628,8 @@ class auth
{
global $db;
- $sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : $db->sql_in_set('user_id', $user_id)) : '';
- $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : '';
+ $sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? 'user_id = ' . (int) $user_id : $db->sql_in_set('user_id', array_map('intval', $user_id))) : '';
+ $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : '';
$sql_opts = '';
@@ -682,8 +682,8 @@ class auth
{
global $db;
- $sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? "group_id = $group_id" : $db->sql_in_set('group_id', $group_id)) : '';
- $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : '';
+ $sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? 'group_id = ' . (int) $group_id : $db->sql_in_set('group_id', array_map('intval', $group_id))) : '';
+ $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : '';
$sql_opts = '';
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index 457e286840..69990a9524 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -2468,27 +2468,32 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
return true;
}
-
/**
* A small version of validate_username to check for a group name's existence. To be called directly.
*/
-function group_validate_groupname($group_id, $groupname)
+function group_validate_groupname($group_id, $group_name)
{
global $config, $db;
- $groupname = utf8_clean_string($groupname);
+ $group_name = utf8_clean_string($group_name);
if (!empty($group_id))
{
$sql = 'SELECT group_name
- FROM ' . GROUPS_TABLE . '
- WHERE group_id = ' . (int)$group_id;
+ FROM ' . GROUPS_TABLE . '
+ WHERE group_id = ' . (int) $group_id;
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
-
- $allowed_groupname = utf8_clean_string($row['group_name']);
- if ($allowed_groupname == $groupname)
+
+ if (!$row)
+ {
+ return false;
+ }
+
+ $allowed_groupname = utf8_clean_string($row['group_name']);
+
+ if ($allowed_groupname == $group_name)
{
return false;
}
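Review bot: The new `if (!$row)` guard returns false, which is this function's "name is acceptable" value (the rejection value is 'GROUP_NAME_TAKEN' further down), so a `$group_id` that matches no row skips the uniqueness query that follows this block. Falling through instead keeps the duplicate check in force: `if ($row && utf8_clean_string($row['group_name']) === $group_name)` guarding the existing `return false;`. The strict `===` matters as well, because the loose `==` treats numeric-looking names such as '1e3' and '1000' as equal and would short-circuit the check for them. The function body continues past the end of this hunk.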
@@ -2496,7 +2501,7 @@ function group_validate_groupname($group_id, $groupname)
$sql = 'SELECT group_name
FROM ' . GROUPS_TABLE . "
- WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($groupname)) . "'";
+ WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($group_name)) . "'";
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
@@ -2505,11 +2510,10 @@ function group_validate_groupname($group_id, $groupname)
{
return 'GROUP_NAME_TAKEN';
}
+
return false;
}
-
-
/**
* Set users default group
*