diff options
Diffstat (limited to 'phpBB/includes')
-rw-r--r-- | phpBB/includes/auth.php | 12 | ||||
-rw-r--r-- | phpBB/includes/functions_user.php | 26 |
2 files changed, 21 insertions, 17 deletions
diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php index de1b669eba..3b05652a87 100644 --- a/phpBB/includes/auth.php +++ b/phpBB/includes/auth.php @@ -486,8 +486,8 @@ class auth { global $db; - $sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : $db->sql_in_set('user_id', $user_id)) : ''; - $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : ''; + $sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? 'user_id = ' . (int) $user_id : $db->sql_in_set('user_id', array_map('intval', $user_id))) : ''; + $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : ''; $sql_opts = ''; @@ -628,8 +628,8 @@ class auth { global $db; - $sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : $db->sql_in_set('user_id', $user_id)) : ''; - $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : ''; + $sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? 'user_id = ' . (int) $user_id : $db->sql_in_set('user_id', array_map('intval', $user_id))) : ''; + $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : ''; $sql_opts = ''; @@ -682,8 +682,8 @@ class auth { global $db; - $sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? "group_id = $group_id" : $db->sql_in_set('group_id', $group_id)) : ''; - $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : ''; + $sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? 'group_id = ' . (int) $group_id : $db->sql_in_set('group_id', array_map('intval', $group_id))) : ''; + $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : ''; $sql_opts = ''; diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 457e286840..69990a9524 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -2468,27 +2468,32 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna return true; } - /** * A small version of validate_username to check for a group name's existence. To be called directly. */ -function group_validate_groupname($group_id, $groupname) +function group_validate_groupname($group_id, $group_name) { global $config, $db; - $groupname = utf8_clean_string($groupname); + $group_name = utf8_clean_string($group_name); if (!empty($group_id)) { $sql = 'SELECT group_name - FROM ' . GROUPS_TABLE . ' - WHERE group_id = ' . (int)$group_id; + FROM ' . GROUPS_TABLE . ' + WHERE group_id = ' . (int) $group_id; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); - - $allowed_groupname = utf8_clean_string($row['group_name']); - if ($allowed_groupname == $groupname) + + if (!$row) + { + return false; + } + + $allowed_groupname = utf8_clean_string($row['group_name']); + + if ($allowed_groupname == $group_name) { return false; } @@ -2496,7 +2501,7 @@ function group_validate_groupname($group_id, $groupname) $sql = 'SELECT group_name FROM ' . GROUPS_TABLE . " - WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($groupname)) . "'"; + WHERE LOWER(group_name) = '" . $db->sql_escape(utf8_strtolower($group_name)) . "'"; $result = $db->sql_query($sql); $row = $db->sql_fetchrow($result); $db->sql_freeresult($result); @@ -2505,11 +2510,10 @@ function group_validate_groupname($group_id, $groupname) { return 'GROUP_NAME_TAKEN'; } + return false; } - - /** * Set users default group * |