From 3c23bfaee208fa12adf5cdd9d8e9882612199d03 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Roland=20H=C3=A4der?= Date: Thu, 5 Nov 2009 15:01:03 +0000 Subject: [PATCH] Rewrite for fetchUserData() --- inc/functions.php | 19 +++++++++++++------ inc/mysql-manager.php | 28 ++++++++++++++++------------ 2 files changed, 29 insertions(+), 18 deletions(-) diff --git a/inc/functions.php b/inc/functions.php index aa83e13b74..e1ed3428f2 100644 --- a/inc/functions.php +++ b/inc/functions.php @@ -1326,13 +1326,13 @@ function bigintval ($num, $castValue = true) { $ret = preg_replace('/[^0123456789]/', '', $num); // Shall we cast? - if ($castValue) $ret = (double)$ret; + if ($castValue === true) $ret = (double)$ret; // Has the whole value changed? // @TODO Remove this if() block if all is working fine if ('' . $ret . '' != '' . $num . '') { // Log the values - //debug_report_bug("{$ret}<>{$num}"); + debug_report_bug('Problem with number found. ret=' . $ret . ', num='. $num); } // END - if // Return result @@ -1340,17 +1340,24 @@ function bigintval ($num, $castValue = true) { } // Insert the code in $img_code into jpeg or PNG image -function generateImageOrCode ($img_code, $headerSent=true) { +function generateImageOrCode ($img_code, $headerSent = true) { + // Is the code size oversized or shouldn't we display it? if ((strlen($img_code) > 6) || (empty($img_code)) || (getConfig('code_length') == 0)) { // Stop execution of function here because of over-sized code length - return; + debug_report_bug('img_code ' . $img_code .' has invalid length. img_code()=' . strlen($img_code) . ' code_length=' . getConfig('code_length')); } elseif ($headerSent === false) { - // Return in an HTML code code + // Return an HTML code here return "\"Image\"\n"; } // Load image - $img = sprintf("%s/theme/%s/images/code_bg.%s", getConfig('PATH'), getCurrentTheme(), getConfig('img_type')); + $img = sprintf("%s/theme/%s/images/code_bg.%s", + getConfig('PATH'), + getCurrentTheme(), + getConfig('img_type') + ); + + // Is it readable? if (isFileReadable($img)) { // Switch image type switch (getConfig('img_type')) diff --git a/inc/mysql-manager.php b/inc/mysql-manager.php index c57e681367..17b3ae9f72 100644 --- a/inc/mysql-manager.php +++ b/inc/mysql-manager.php @@ -634,27 +634,31 @@ function isMember () { // Fetch user data for given user id function fetchUserData ($userid, $column='userid') { - // Set it here - setCurrentUserId($userid); + // If we should look for userid secure&set it here + if (substr($column, -2, 2) == 'id') { + // Secure userid + $userid = bigintval($userid); + + // Set it here + setCurrentUserId($userid); - // Don't look for invalid userids... - if ($userid < 1) { - // Invalid, so abort here - debug_report_bug('User id ' . $userid . ' is invalid.'); + // Don't look for invalid userids... + if ($userid < 1) { + // Invalid, so abort here + debug_report_bug('User id ' . $userid . ' is invalid.'); + } elseif (isUserDataValid()) { + // Use cache, so it is fine + return true; + } } elseif (isUserDataValid()) { // Use cache, so it is fine return true; } + // By default none was found $found = false; - // Do we have userid/refid? - if (($column == 'userid') || ($column == 'refid')) { - // Then secure the id - $userid = bigintval($userid); - } // END - if - // Query for the user $result = SQL_QUERY_ESC("SELECT * FROM `{?_MYSQL_PREFIX?}_user_data` WHERE `%s`='%s' LIMIT 1", array($column, $userid), __FUNCTION__, __LINE__); -- 2.39.5