Skip to content

fix update user for empty username#1857

Merged
Frenzie merged 3 commits intoFreshRSS:devfrom
kevinpapst:fix-update-user
Apr 6, 2018
Merged

fix update user for empty username#1857
Frenzie merged 3 commits intoFreshRSS:devfrom
kevinpapst:fix-update-user

Conversation

@kevinpapst
Copy link
Copy Markdown
Contributor

@kevinpapst kevinpapst commented Apr 1, 2018

Minor fix for the page /i/?c=user&a=manage where you could previously hit the Update button and get a 500 error:

PHP message: PHP Fatal error:  Uncaught Error: Call to a member function save() on null in /xxx/app/Controllers/userController.php:67

I added a minor validation to prevent that.

Frenzie
Frenzie reviewed Apr 1, 2018
View reviewed changes
app/Controllers/userController.php Outdated

$username = Minz_Request::param('username');
$ok = self::updateUser($username, $passwordPlain, $apiPasswordPlain, array(
if (!empty($username)) {
Copy link
Copy Markdown
Member

@Frenzie Frenzie Apr 1, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would the check make more sense at the top of updateUser() itself? Perhaps similar issues could occur elsewhere.

if (empty($user) {
  return false;
}

Copy link
Copy Markdown
Contributor Author

@kevinpapst kevinpapst Apr 1, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But then the user won't get the visible feedback (see below for the Minz_Request::bad() call).
Depends on the wanted behavior in a case where the user submits an empty form.

Copy link
Copy Markdown
Member

@Frenzie Frenzie Apr 1, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I said updateUser(), ergo line 48. ;-)

(Not saying it's the way to go, but I definitely wasn't suggesting to avoid feedback.)

Copy link
Copy Markdown
Contributor Author

@kevinpapst kevinpapst Apr 1, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right, misunderstood your suggestion. Thats better, as the function is used from multiple places.

@Alkarex Alkarex added this to the 1.11.0 milestone Apr 4, 2018
@Alkarex
Copy link
Copy Markdown
Member

Alkarex commented Apr 4, 2018

I have made a slight change, checking the user config object instead: 6fda584

@kevinpapst
Copy link
Copy Markdown
Contributor Author

kevinpapst commented Apr 6, 2018

Not much left of my changes hahaha but as $userConfig always returns null on errors and FreshRSS_user_Controller::checkUsername() will return false on empty usernames: looks good to me

@Frenzie Frenzie merged commit 6cda39a into FreshRSS:dev Apr 6, 2018
@kevinpapst kevinpapst deleted the fix-update-user branch April 6, 2018 19:20
Alkarex added a commit that referenced this pull request Apr 26, 2018
@Alkarex
Changelog 1871 etc.
2b8da26 
#879
#1828
#1829
#1844
#1845
#1856
#1857
#1858
#1869
#1871
@Alkarex Alkarex mentioned this pull request May 28, 2018
Merged
mdemoss pushed a commit to mdemoss/FreshRSS that referenced this pull request Mar 25, 2021
@kevinpapst @mdemoss
fix update user for empty username (FreshRSS#1857)
6ede56b
mdemoss pushed a commit to mdemoss/FreshRSS that referenced this pull request Mar 25, 2021
@Alkarex @mdemoss
Changelog 1871 etc.
e46c349 
FreshRSS#879
FreshRSS#1828
FreshRSS#1829
FreshRSS#1844
FreshRSS#1845
FreshRSS#1856
FreshRSS#1857
FreshRSS#1858
FreshRSS#1869
FreshRSS#1871
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Frenzie Frenzie Frenzie left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

1.11.0

Development

Successfully merging this pull request may close these issues.

3 participants

@kevinpapst @Alkarex @Frenzie