From a7fd745e00c3280733584da9ca126b4d8bd77998 Mon Sep 17 00:00:00 2001
From: Alexander Ebert
Date: Fri, 16 Mar 2012 15:56:38 +0100
Subject: [PATCH] You can now longer delete yourself, added validations
Fixes #524
---
 .../files/lib/data/user/UserAction.class.php | 29 +++++++++++++++++++
 1 file changed, 29 insertions(+)
diff --git a/wcfsetup/install/files/lib/data/user/UserAction.class.php b/wcfsetup/install/files/lib/data/user/UserAction.class.php
index 2e0f64cde4..628bfc2a9d 100644
--- a/wcfsetup/install/files/lib/data/user/UserAction.class.php
+++ b/wcfsetup/install/files/lib/data/user/UserAction.class.php
@@ -57,9 +57,19 @@ class UserAction extends AbstractDatabaseObjectAction {
 $userIDs = array();
 foreach ($this->objects as $user) {
+ // you cannot delete yourself
+ if ($user->userID == WCF::getUser()->userID) {
+ continue;
+ }
+
 $userIDs[] = $user->userID;
 }
+ // list might be empty because only our own user id was given
+ if (empty($userIDs)) {
+ throw new ValidateActionException("Invalid object id");
+ }
+
 // validate groups
 $conditions = new PreparedStatementConditionBuilder();
 $conditions->add("userID IN (?)", array($userIDs));
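Review bot: The self-deletion guard in the `foreach` only keeps the current user's ID out of the local `$userIDs` array; `$this->objects` itself is left unchanged. If the delete step (outside this hunk) iterates `$this->objects`, which cannot be confirmed from here, a request that lists the caller's own ID together with another user's ID would pass validation with the caller's account still in the object list, and that account is also skipped by the group check below. Rejecting the request is the safer behaviour for a validator: replace `continue;` with `throw new ValidateActionException("Invalid object id");`. The comparison could also be made strict, e.g. `if ((int) $user->userID === (int) WCF::getUser()->userID) {`. The body of the enclosing method starts and ends outside the hunk.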
@@ -167,9 +177,28 @@ class UserAction extends AbstractDatabaseObjectAction {
 }
 }
+ /**
+ * Validates parameters to search for users and -groups.
+ */
 public function validateGetList() {
+ if (!isset($this->parameters['data']['searchString'])) {
+ throw new ValidateActionException("Missing parameter 'searchString'");
+ }
+
+ if (!isset($this->parameters['data']['includeUserGroups'])) {
+ throw new ValidateActionException("Missing parameter 'includeUserGroups'");
+ }
+
+ if (isset($this->parameters['data']['excludedSearchValues']) && !is_array($this->parameters['data']['excludedSearchValues'])) {
+ throw new ValidateActionException("Invalid parameter 'excludedSearchValues' given");
+ }
 }
+ /**
+ * Returns a list of users and -groups based upon given search criteria.
+ *
+ * @return array
+ */
 public function getList() {
 $searchString = $this->parameters['data']['searchString'];
 $excludedSearchValues = array();
-- 
2.20.1
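Review bot: `validateGetList()` checks only that `searchString` and `includeUserGroups` are present, so an array or other non-string value passes validation and reaches `getList()` unchanged. Tighten the first check to `if (!isset($this->parameters['data']['searchString']) || !is_string($this->parameters['data']['searchString'])) {` and apply an equivalent scalar check to `includeUserGroups`. The `excludedSearchValues` check confirms the container is an array but not what its elements are. No permission check is visible in this validator; because the action returns user and group data, confirm that access is enforced outside the hunk and consider rejecting an empty search string. getList's body continues outside the hunk.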