On Tue, May 10, 2011 at 09:01:29PM -0700, elij wrote:
the query was being performed when $id was not set, resulting in an invalid sql query being performed. --- web/lib/acctfuncs.inc | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/web/lib/acctfuncs.inc b/web/lib/acctfuncs.inc index 5bcff8b..b2f0548 100644 --- a/web/lib/acctfuncs.inc +++ b/web/lib/acctfuncs.inc @@ -786,6 +786,9 @@ function valid_passwd( $userID, $passwd ) */ function user_suspended( $id ) { + if (!$id) { + return false; + } $dbh = db_connect(); $q = "SELECT Suspended FROM Users WHERE ID = " . $id; $result = db_query($q, $dbh);
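Review bot: The new `if (!$id)` guard at the top of user_suspended() only rejects empty values, so any non-empty, non-numeric $id still reaches the concatenated query `"SELECT Suspended FROM Users WHERE ID = " . $id` unchanged. Validating that $id is a positive integer before building the query (for example casting with intval() and returning early when the result is not greater than zero) would cover the unset case and malformed input with one check. Separately, returning false for a missing ID reports the account as not suspended, so any caller that relies on this result fails open; it is worth deciding whether an unset ID should be treated as an error by the caller instead.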
Looks ok, but I'd rather say we should locate the code path that led to the unset parameter and add some additional validation there to avoid further unexpected behaviour.