[aur-dev] [PATCH 3/4] fix case where user does not exist
Lukas Fleischer
archlinux at cryptocrack.de
Wed May 11 10:22:19 EDT 2011
On Tue, May 10, 2011 at 09:01:29PM -0700, elij wrote:
> the query was being performed when $id was not set, resulting in an
> invalid sql query being performed.
> ---
> web/lib/acctfuncs.inc | 3 +++
> 1 files changed, 3 insertions(+), 0 deletions(-)
>
> diff --git a/web/lib/acctfuncs.inc b/web/lib/acctfuncs.inc
> index 5bcff8b..b2f0548 100644
> --- a/web/lib/acctfuncs.inc
> +++ b/web/lib/acctfuncs.inc
> @@ -786,6 +786,9 @@ function valid_passwd( $userID, $passwd )
> */
> function user_suspended( $id )
> {
> + if (!$id) {
> + return false;
> + }
> $dbh = db_connect();
> $q = "SELECT Suspended FROM Users WHERE ID = " . $id;
> $result = db_query($q, $dbh);
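Review bot: the `if (!$id)` guard at the top of user_suspended() only rejects empty or zero values; any other value still reaches `$q = "SELECT Suspended FROM Users WHERE ID = " . $id;` unquoted and unescaped, so a non-numeric $id would still produce an invalid or altered query. Suggest checking that $id is an integer (for example with intval() or ctype_digit()) before building the query string, rather than only testing for emptiness. Returning false here also reports a missing user as "not suspended", which is worth stating in the function's doc comment so callers do not rely on it as an existence check.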
Looks ok, but I'd rather say we should locate the code path that led to
the unset parameter and add some additional validation there to avoid
further unexpected behaviour.