Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-10950

Deleting user with undelivered PMs causes SQL error

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.11-RC1
    • Fix Version/s: 3.0.11-RC2
    • Component/s: ACP
    • Labels:
      None

      Description

      When attempting to delete a user who has undelivered PMs, a SQL error occurs because a user ID is not provided to the query.

      General Error
      SQL ERROR [ mysqli ]
       
      You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 4 [1064]
       
      SQL
       
      UPDATE phpbb_users SET user_new_privmsg = user_new_privmsg - 1, user_unread_privmsg = user_unread_privmsg - 1 WHERE user_id = 
       
      BACKTRACE
       
      FILE: (not given by php)
      LINE: (not given by php)
      CALL: msg_handler()
       
      FILE: [ROOT]/includes/db/dbal.php
      LINE: 757
      CALL: trigger_error()
       
      FILE: [ROOT]/includes/db/mysqli.php
      LINE: 182
      CALL: dbal->sql_error()
       
      FILE: [ROOT]/includes/functions_privmsgs.php
      LINE: 1193
      CALL: dbal_mysqli->sql_query()
       
      FILE: [ROOT]/includes/functions_user.php
      LINE: 536
      CALL: phpbb_delete_user_pms()
       
      FILE: [ROOT]/includes/acp/acp_users.php
      LINE: 198
      CALL: user_delete()
       
      FILE: [ROOT]/includes/functions_module.php
      LINE: 507
      CALL: acp_users->main()
       
      FILE: [ROOT]/adm/index.php
      LINE: 75
      CALL: p_master->load_active()

      This appears to be caused by PHPBB3-10605.

        Issue Links

          Activity

          Hide
          bantu Andreas Fischer added a comment -
          Show
          bantu Andreas Fischer added a comment - Caused by https://github.com/nickvergessen/phpbb3/commit/17f5c6bf71f560be2f4e2ecabae83ab2973bec47 which no longer selects user_id.
          Hide
          nickvergessen Joas Schilling added a comment -

          Please comment, whether you agree on the change in the behaviour I suggested here:
          http://wiki.phpbb.com/Deleting_Private_Messages#3.0.11_.2F_Desired

          Currently a PM is deleted, when there are no receipts left anymore (okay), but also when the message is undelivered for one user (others may already have read it and so the pm is removed maybe against their will).

          I'd suggest to not delete undelivered PMs, but just keep and deliver them.

          The only problem this might cause, is that when a spamer in your board sends hundreds of messages to all users, all users will receive them and have to deal with them, because they are not deleted anymore.

          Show
          nickvergessen Joas Schilling added a comment - Please comment, whether you agree on the change in the behaviour I suggested here: http://wiki.phpbb.com/Deleting_Private_Messages#3.0.11_.2F_Desired Currently a PM is deleted, when there are no receipts left anymore (okay), but also when the message is undelivered for one user (others may already have read it and so the pm is removed maybe against their will). I'd suggest to not delete undelivered PMs, but just keep and deliver them. The only problem this might cause, is that when a spamer in your board sends hundreds of messages to all users, all users will receive them and have to deal with them, because they are not deleted anymore.
          Hide
          DavidIQ David Colón added a comment -

          Perhaps the behavior should be the same as when one tries to recall an e-mail message:

          If it's one recipient and the recipient has not read the message the message is deleted and recipient sometimes ends up with a "Bob has recalled email with title: Read this" type of message. phpBB does something similar to this right now.
          If the user has read the message then recalling fails.
          If it's to multiple recipients and none have read the message then the behavior is the same as when it's one recipient and message is recalled.
          If any of the users have read the message then recalling fails just like in the case of a single recipient having read the email.

          I would not go the route of not allowing deletion of undelivered PMs.

          Show
          DavidIQ David Colón added a comment - Perhaps the behavior should be the same as when one tries to recall an e-mail message: If it's one recipient and the recipient has not read the message the message is deleted and recipient sometimes ends up with a "Bob has recalled email with title: Read this" type of message. phpBB does something similar to this right now. If the user has read the message then recalling fails. If it's to multiple recipients and none have read the message then the behavior is the same as when it's one recipient and message is recalled. If any of the users have read the message then recalling fails just like in the case of a single recipient having read the email. I would not go the route of not allowing deletion of undelivered PMs.
          Hide
          brunoais brunoais added a comment -

          In both situations I didn't get an SQL error. Checked for more possible situations and also no problems. IMO, it's verified.

          Show
          brunoais brunoais added a comment - In both situations I didn't get an SQL error. Checked for more possible situations and also no problems. IMO, it's verified.

            People

            • Assignee:
              nickvergessen Joas Schilling
              Reporter:
              Noxwizard Patrick Webster
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development