diff options
author | Florian Pritz <bluewind@xinu.at> | 2024-04-14 12:59:00 +0200 |
---|---|---|
committer | Florian Pritz <bluewind@xinu.at> | 2024-04-14 14:20:00 +0200 |
commit | b2cfe36d7c07ac767113ad9dbd9ec27fc794f35c (patch) | |
tree | cd20fcfa578f29c431e892d7b2d7460efc1bec8e /application/libraries/Duser | |
parent | 698f486a795e19a680624d9aa8cd2802cab317f0 (diff) |
fix(duser_db): Guard against NULL values
When a user is deleted, their details are set to NULL. When no username
is specific for a password reset, this can trigger an email being sent
to an empty recipient which will not be deliverable.
Just to be safe, guard against NULL values for all the user related
functions.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'application/libraries/Duser')
-rw-r--r-- | application/libraries/Duser/drivers/Duser_db.php | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/application/libraries/Duser/drivers/Duser_db.php b/application/libraries/Duser/drivers/Duser_db.php index 062da9e54..e1df20f1f 100644 --- a/application/libraries/Duser/drivers/Duser_db.php +++ b/application/libraries/Duser/drivers/Duser_db.php @@ -24,6 +24,10 @@ class Duser_db extends Duser_Driver { { $CI =& get_instance(); + if ($username === null) { + return false; + } + $query = $CI->db->select('username, id, password') ->from('users') ->where('username', $username) @@ -48,6 +52,10 @@ class Duser_db extends Duser_Driver { { $CI =& get_instance(); + if ($username === null) { + return false; + } + $query = $CI->db->select('id') ->from('users') ->where('username', $username) @@ -64,6 +72,10 @@ class Duser_db extends Duser_Driver { { $CI =& get_instance(); + if ($userid === null) { + throw new \exceptions\ApiException("libraries/duser/db/get_email-failed", "User does not exist"); + } + $query = $CI->db->select('email') ->from('users') ->where('id', $userid) |