summaryrefslogtreecommitdiffstats
path: root/application
diff options
context:
space:
mode:
authorFlorian Pritz <bluewind@xinu.at>2024-04-14 12:59:00 +0200
committerFlorian Pritz <bluewind@xinu.at>2024-04-14 14:20:00 +0200
commitb2cfe36d7c07ac767113ad9dbd9ec27fc794f35c (patch)
treecd20fcfa578f29c431e892d7b2d7460efc1bec8e /application
parent698f486a795e19a680624d9aa8cd2802cab317f0 (diff)
fix(duser_db): Guard against NULL values
When a user is deleted, their details are set to NULL. When no username is specific for a password reset, this can trigger an email being sent to an empty recipient which will not be deliverable. Just to be safe, guard against NULL values for all the user related functions. Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'application')
-rw-r--r--application/libraries/Duser/drivers/Duser_db.php12
1 files changed, 12 insertions, 0 deletions
diff --git a/application/libraries/Duser/drivers/Duser_db.php b/application/libraries/Duser/drivers/Duser_db.php
index 062da9e54..e1df20f1f 100644
--- a/application/libraries/Duser/drivers/Duser_db.php
+++ b/application/libraries/Duser/drivers/Duser_db.php
@@ -24,6 +24,10 @@ class Duser_db extends Duser_Driver {
{
$CI =& get_instance();
+ if ($username === null) {
+ return false;
+ }
+
$query = $CI->db->select('username, id, password')
->from('users')
->where('username', $username)
@@ -48,6 +52,10 @@ class Duser_db extends Duser_Driver {
{
$CI =& get_instance();
+ if ($username === null) {
+ return false;
+ }
+
$query = $CI->db->select('id')
->from('users')
->where('username', $username)
@@ -64,6 +72,10 @@ class Duser_db extends Duser_Driver {
{
$CI =& get_instance();
+ if ($userid === null) {
+ throw new \exceptions\ApiException("libraries/duser/db/get_email-failed", "User does not exist");
+ }
+
$query = $CI->db->select('email')
->from('users')
->where('id', $userid)
generated by cgit v1.2.3-24-g4f1b (git 2.32.0) at 2024-11-16 10:50:18 +0100