Uploaded image for project: 'Support Team Tools'
  1. Support Team Tools
  2. STT-313

Hazardous "Restore Deleted Users" (empty name)

    Details

    • Type: Bug
    • Status: Unverified Fix
    • Resolution: Fixed
    • Component/s: Support Toolkit
    • Labels:
      None

      Description

      I'm able to do STK > User/Group Tools > Restore Deleted Users > Select users to restore > (no name): > tick > Submit. That's possible because offering those options also offers posts where the username is empty. However, upon evaluating this user's choice it turns out the old name was (empty) and the new name should be the same (/stk/tools/usergroup/restore_deleted_users.php):

                  $non_conflicted = $this->_conflicted($selected_clean);
       
                  foreach ($non_conflicted as $user)
                  {
                      $this->_add_user_and_update_data($user, $user);
                  } 


      So, what's bad about that? Well, user_add() will return FALSE if the username is empty. That means this line:

              <span class="syntaxcomment">// Add the user
              $user_id = user_add($user_ary); 

      ...will set $user_id to 0. Now guess what's the mess when this one is executed:

              <span class="syntaxcomment">// Update posts table
              $sql = 'UPDATE ' . POSTS_TABLE . '
                  SET poster_id = ' . (int) $user_id . ", post_username = ''
                  WHERE post_username = '" . $db->sql_escape($oldname) . "'";
              $db->sql_query($sql); 


      My suggestions:
      Check user_add() to actually return an ordinal higher than zero, otherwise throw error.
      Secure the SQL query by adding 'AND poster_id= '. ANONYMOUS to make sure no already associated posts will be overwritten.
      Secure the other SQL queries around the same way.
      Noticed this when analyzing this topic: Posts table poster_id all set to 0

        Attachments

          Activity

            People

            • Assignee:
              Noxwizard Patrick Webster
              Reporter:
              AmigoJack AmigoJack
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: