Check for existance of group- and usernames, don't mix OC_USER and OC_GROUP!

14 years ago · f22c05deab
parent b37fb9142f
commit f22c05deab
3 changed files with 16 additions and 4 deletions
--- a/lib/User/database.php
+++ b/lib/User/database.php
@ -74,10 +74,6 @@ class OC_USER_DATABASE extends OC_USER_BACKEND {
 	 * Deletes a user
 	 */
 	public static function deleteUser( $uid ){
-		// Delete user
-		$query = OC_DB::prepare( "DELETE FROM `*PREFIX*users` WHERE uid = ?" );
-		$result = $query->execute( array( $uid ));
-
 		// Delete user-group-relation
 		$query = OC_DB::prepare( "DELETE FROM `*PREFIX*group_user` WHERE uid = ?" );
 		$result = $query->execute( array( $uid ));
--- a/lib/group.php
+++ b/lib/group.php
@ -104,6 +104,11 @@ class OC_GROUP {
 		if( preg_match( '/[^a-zA-Z0-9 _\.@\-]/', $gid )){
 			return false;
 		}
+		// No empty group names!
+		if( !$gid ){
+			return false;
+		}
+
 		$run = true;
 		OC_HOOK::emit( "OC_GROUP", "pre_createGroup", array( "run" => &$run, "gid" => $gid ));

--- a/lib/user.php
+++ b/lib/user.php
@ -114,6 +114,11 @@ class OC_USER {
 		if( preg_match( '/[^a-zA-Z0-9 _\.@\-]/', $uid )){
 			return false;
 		}
+		// No empty username
+		if( !$uid ){
+			return false;
+		}
+
 		$run = true;
 		OC_HOOK::emit( "OC_USER", "pre_createUser", array( "run" => &$run, "uid" => $uid, "password" => $password ));

@ -138,6 +143,12 @@ class OC_USER {
 		OC_HOOK::emit( "OC_USER", "pre_deleteUser", array( "run" => &$run, "uid" => $uid ));

 		if( $run && self::$_backend->deleteUser( $uid )){
+			// We have to delete the user from all groups
+			foreach( OC_GROUP::getUserGroups( $uid ) as $i ){
+				OC_GROUP::removeFromGroup( $uid, $i );
+			}
+
+			// Emit and exit
 			OC_HOOK::emit( "OC_USER", "post_deleteUser", array( "uid" => $uid ));
 			return true;
 		}