From dcea41bfd951f89dcae4d7dfcc97615b6f044721 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Joshua=20R=C3=BCsweg?= Date: Sat, 15 Jul 2017 21:10:08 +0200 Subject: [PATCH] Validate if the user names are correct See #2315 --- .../files/acp/templates/userTrophyAdd.tpl | 6 ++- .../lib/acp/form/UserTrophyAddForm.class.php | 38 +++++++++++++++---- wcfsetup/install/lang/de.xml | 1 + wcfsetup/install/lang/en.xml | 1 + 4 files changed, 37 insertions(+), 9 deletions(-) diff --git a/wcfsetup/install/files/acp/templates/userTrophyAdd.tpl b/wcfsetup/install/files/acp/templates/userTrophyAdd.tpl index 335e7040bf..139d7a464d 100644 --- a/wcfsetup/install/files/acp/templates/userTrophyAdd.tpl +++ b/wcfsetup/install/files/acp/templates/userTrophyAdd.tpl @@ -44,7 +44,11 @@ {if $errorField == 'user'} - {if $errorType == 'empty'} + {if $errorType|is_array} + {foreach from=$errorType item='errorData'} + {lang}wcf.acp.trophy.userTrophy.user.error.{@$errorData.type}{/lang} + {/foreach} + {elseif $errorType == 'empty'} {lang}wcf.global.form.error.empty{/lang} {/if} diff --git a/wcfsetup/install/files/lib/acp/form/UserTrophyAddForm.class.php b/wcfsetup/install/files/lib/acp/form/UserTrophyAddForm.class.php index e9dfeb0f87..1bffb56885 100644 --- a/wcfsetup/install/files/lib/acp/form/UserTrophyAddForm.class.php +++ b/wcfsetup/install/files/lib/acp/form/UserTrophyAddForm.class.php @@ -3,11 +3,12 @@ namespace wcf\acp\form; use wcf\data\trophy\category\TrophyCategoryCache; use wcf\data\trophy\Trophy; use wcf\data\user\trophy\UserTrophyAction; -use wcf\data\user\UserList; +use wcf\data\user\UserProfile; use wcf\system\exception\UserInputException; use wcf\system\language\I18nHandler; use wcf\system\language\I18nValue; use wcf\system\WCF; +use wcf\util\ArrayUtil; use wcf\util\StringUtil; /** @@ -93,16 +94,35 @@ class UserTrophyAddForm extends AbstractAcpForm { if (isset($_POST['useCustomDescription'])) $this->useCustomDescription = 1; $this->trophy = new Trophy($this->trophyID); - + } + + /** + * Validates the users. + * + * @throws UserInputException + */ + protected function validateUser() { // read userIDs - $userAsArray = explode(',', $this->user); + $userAsArray = ArrayUtil::trim(explode(',', $this->user)); + + $userList = UserProfile::getUserProfilesByUsername($userAsArray); - $userList = new UserList(); - $userList->getConditionBuilder()->add('user_table.username IN (?)', [$userAsArray]); - $userList->readObjects(); + $error = []; - foreach ($userList as $user) { - $this->userIDs[] = $user->userID; + foreach ($userList as $username => $user) { + if ($user === null) { + $error[] = [ + 'type' => 'notFound', + 'username' => $username + ]; + } + else { + $this->userIDs[] = $user->userID; + } + } + + if (!empty($error)) { + throw new UserInputException('user', $error); } } @@ -118,6 +138,8 @@ class UserTrophyAddForm extends AbstractAcpForm { } } + $this->validateUser(); + if (empty($this->userIDs)) { throw new UserInputException('user'); } diff --git a/wcfsetup/install/lang/de.xml b/wcfsetup/install/lang/de.xml index 98e936111a..c0f1ead99d 100644 --- a/wcfsetup/install/lang/de.xml +++ b/wcfsetup/install/lang/de.xml @@ -3639,6 +3639,7 @@ Die E-Mail-Adresse des neuen Benutzers lautet: {@$user->email} {$trophy->getTitle()} wirklich löschen?]]> + {$userTrophy->getTrophy()->getTitle()} von {$userTrophy->getUserProfile()->username} wirklich löschen?]]> diff --git a/wcfsetup/install/lang/en.xml b/wcfsetup/install/lang/en.xml index 92e4bec057..5577dd0385 100644 --- a/wcfsetup/install/lang/en.xml +++ b/wcfsetup/install/lang/en.xml @@ -3626,6 +3626,7 @@ Open the link below to access the user profile: {$trophy->getTitle()}?]]> + {$userTrophy->getTrophy()->getTitle()} from {$userTrophy->getUserProfile()->username}?]]> -- 2.20.1