From 101829b4dce2874bbe53264c1769bf9699527c2f Mon Sep 17 00:00:00 2001 From: battye Date: Mon, 26 Nov 2018 13:08:57 +0000 Subject: [ticket/15883] Add error for invalid usernames being added to a group Update the ACP and the UCP so that when bulk adding users to a group, if invalid usernames are submitted alongside valid usernames then a message will be displayed to inform the user what the invalid usernames are. PHPBB3-15883 --- phpBB/includes/functions_user.php | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index d019b867fa..e998ffdab9 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -26,8 +26,9 @@ if (!defined('IN_PHPBB')) * @param array &$user_id_ary The user ids to check or empty if usernames used * @param array &$username_ary The usernames to check or empty if user ids used * @param mixed $user_type Array of user types to check, false if not restricting by user type +* @param bool $update_references If false, the supplied array is unset and appears unchanged from where it was called */ -function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false) +function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false, $update_references = false) { global $db; @@ -50,7 +51,13 @@ function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false) } $sql_in = ($which_ary == 'user_id_ary') ? array_map('intval', ${$which_ary}) : array_map('utf8_clean_string', ${$which_ary}); - unset(${$which_ary}); + + // By unsetting the array here, the values passed in at the point user_get_id_name() was called will be retained. + // Otherwise, if we don't unset (as the array was passed by reference) the original array will be updated below. + if ($update_references === false) + { + unset(${$which_ary}); + } $user_id_ary = $username_ary = array(); @@ -2676,6 +2683,13 @@ function group_user_add($group_id, $user_id_ary = false, $username_ary = false, return 'NO_USER'; } + // Because the item that gets passed into the previous function is unset, the reference is lost and our original + // array is retained - so we know there's a problem if there's a different number of ids to usernames now. + if (count($user_id_ary) != count($username_ary)) + { + return 'GROUP_USERS_INVALID'; + } + // Remove users who are already members of this group $sql = 'SELECT user_id, group_leader FROM ' . USER_GROUP_TABLE . ' -- cgit v1.2.1 From 3f19d32f768974454046f744f126515fb3747b99 Mon Sep 17 00:00:00 2001 From: battye Date: Fri, 4 Jan 2019 15:49:15 +0000 Subject: [ticket/15883] Review changes PHPBB3-15883 --- phpBB/includes/functions_user.php | 1 + 1 file changed, 1 insertion(+) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index e998ffdab9..2be9d089a5 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -27,6 +27,7 @@ if (!defined('IN_PHPBB')) * @param array &$username_ary The usernames to check or empty if user ids used * @param mixed $user_type Array of user types to check, false if not restricting by user type * @param bool $update_references If false, the supplied array is unset and appears unchanged from where it was called +* @return null */ function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false, $update_references = false) { -- cgit v1.2.1 From 08968bdb60c9ff286cb71901718500c7720f1da4 Mon Sep 17 00:00:00 2001 From: battye Date: Sat, 5 Jan 2019 08:19:21 +0000 Subject: [ticket/15883] Doc block change PHPBB3-15883 --- phpBB/includes/functions_user.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/functions_user.php') diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 2be9d089a5..71c4f41817 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -26,8 +26,8 @@ if (!defined('IN_PHPBB')) * @param array &$user_id_ary The user ids to check or empty if usernames used * @param array &$username_ary The usernames to check or empty if user ids used * @param mixed $user_type Array of user types to check, false if not restricting by user type -* @param bool $update_references If false, the supplied array is unset and appears unchanged from where it was called -* @return null +* @param boolean $update_references If false, the supplied array is unset and appears unchanged from where it was called +* @return boolean|string Returns false on success, error string on failure */ function user_get_id_name(&$user_id_ary, &$username_ary, $user_type = false, $update_references = false) { -- cgit v1.2.1