From b2cfe36d7c07ac767113ad9dbd9ec27fc794f35c Mon Sep 17 00:00:00 2001
From: Florian Pritz
Date: Sun, 14 Apr 2024 12:59:00 +0200
Subject: fix(duser_db): Guard against NULL values

When a user is deleted, their details are set to NULL. When no username is specific for a password reset, this can trigger an email being sent to an empty recipient which will not be deliverable. Just to be safe, guard against NULL values for all the user related functions.

Signed-off-by: Florian Pritz
---
 application/libraries/Duser/drivers/Duser_db.php | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'application')

diff --git a/application/libraries/Duser/drivers/Duser_db.php b/application/libraries/Duser/drivers/Duser_db.php
index 062da9e54..e1df20f1f 100644
--- a/application/libraries/Duser/drivers/Duser_db.php
+++ b/application/libraries/Duser/drivers/Duser_db.php
@@ -24,6 +24,10 @@ class Duser_db extends Duser_Driver {
 {
 $CI =& get_instance();
 
+ if ($username === null) {
+ return false;
+ }
+
 $query = $CI->db->select('username, id, password')
 ->from('users')
 ->where('username', $username)
@@ -48,6 +52,10 @@ class Duser_db extends Duser_Driver {
 {
 $CI =& get_instance();
 
+ if ($username === null) {
+ return false;
+ }
+
 $query = $CI->db->select('id')
 ->from('users')
 ->where('username', $username)
@@ -64,6 +72,10 @@ class Duser_db extends Duser_Driver {
 {
 $CI =& get_instance();
 
+ if ($userid === null) {
+ throw new \exceptions\ApiException("libraries/duser/db/get_email-failed", "User does not exist");
+ }
+
 $query = $CI->db->select('email')
 ->from('users')
 ->where('id', $userid)
-- 
cgit v1.2.3-24-g4f1b
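Review bot: The null guards added in this hunk and in the `-48,6 +52,10` hunk carry no comment saying why a null username must be stopped before the query. Per the commit message, deleted users keep a row whose details are NULL, so a null `$username` passed to `->where('username', $username)` would presumably be compared against those rows rather than rejected. In a login path that reason should be visible, so the check is not dropped in a later cleanup. I would add `// Deleted users have username NULL; never let a null value reach the where() below.` above each `if`. Both function bodies start and end outside their hunks, so how the fetched row is used afterwards is not visible here.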
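Review bot: The new guard in the `-64,6 +72,10` hunk rejects a null `$userid`, but the value selected by `->select('email')` can itself be NULL when the id belongs to a deleted user, which is the empty-recipient case the commit message describes. The rest of the function is outside the hunk; if it returns the column unchecked, a caller holding a deleted user's id still receives an empty address. After the query I would test the fetched email for null and raise the same `\exceptions\ApiException("libraries/duser/db/get_email-failed", "User does not exist")`, so callers see one failure mode for both cases.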