Merge pull request #12207 from MrPetovan/bug/12187-register-uid-0

Ensure register records aren't created with uid = 0
Tobias Diekershoff 2022-11-19 15:52:53 +01:00 committed by GitHub
commit 8609fe2f5e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 59 additions and 37 deletions


@ -23,6 +23,7 @@ namespace Friendica\Model;
use Friendica\Content\Pager; use Friendica\Content\Pager;
use Friendica\Database\DBA; use Friendica\Database\DBA;
use Friendica\Network\HTTPException;
use Friendica\Util\DateTimeFormat; use Friendica\Util\DateTimeFormat;
use Friendica\Util\Strings; use Friendica\Util\Strings;
@ -113,21 +114,27 @@ class Register
} }
/** /**
* Creates a register record for approval and returns the success of the database insert * Creates a register record for approval
* Checks for the existence of the provided user id * Checks for the existence of the provided user id
* *
* @param integer $uid The ID of the user needing approval * @param integer $uid The ID of the user needing approval
* @param string $language The registration language * @param string $language The registration language
* @param string $note An additional message from the user * @param string $note An additional message from the user
* @return boolean * @return void
* @throws \Exception * @throws \OutOfBoundsException
* @throws HTTPException\InternalServerErrorException
* @throws HTTPException\NotFoundException
*/ */
public static function createForApproval(int $uid, string $language, string $note = ''): bool public static function createForApproval(int $uid, string $language, string $note = ''): void
{ {
$hash = Strings::getRandomHex(); $hash = Strings::getRandomHex();
if (!$uid) {
throw new \OutOfBoundsException("User ID can't be empty");
}
if (!User::exists($uid)) { if (!User::exists($uid)) {
return false; throw new HTTPException\NotFoundException("User ID doesn't exist");
} }
$fields = [ $fields = [
@ -139,7 +146,9 @@ class Register
'note' => $note 'note' => $note
]; ];
return DBA::insert('register', $fields); if (!DBA::insert('register', $fields)) {
throw new HTTPException\InternalServerErrorException('Unable to insert a `register` record');
}
} }
/** /**
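Review bot: Changing `createForApproval()` from `bool` to `void` means a failure is now reported only by an exception, so any caller not shown on this page that still tests the return value would read `null` and treat every call as failed; it is worth grepping for other call sites before merging. The docblock should say when each exception fires, for example `@throws \OutOfBoundsException If $uid is 0` and `@throws HTTPException\NotFoundException If no user exists with this ID`. `$hash = Strings::getRandomHex();` also runs before the two guard clauses and could move below them, so that no random value is drawn for a call that is about to be rejected. The method body between the two hunks is not visible here.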


@ -353,6 +353,7 @@ class Register extends BaseModule
} }
} elseif (intval(DI::config()->get('config', 'register_policy')) === self::APPROVE) { } elseif (intval(DI::config()->get('config', 'register_policy')) === self::APPROVE) {
if (!User::getAdminEmailList()) { if (!User::getAdminEmailList()) {
$this->logger->critical('Registration policy is set to APPROVE but no admin email address has been set in config.admin_email');
DI::sysmsg()->addNotice(DI::l10n()->t('Your registration can not be processed.')); DI::sysmsg()->addNotice(DI::l10n()->t('Your registration can not be processed.'));
DI::baseUrl()->redirect(); DI::baseUrl()->redirect();
} }
@ -362,10 +363,17 @@ class Register extends BaseModule
DI::sysmsg()->addNotice(DI::l10n()->t('You have to leave a request note for the admin.') DI::sysmsg()->addNotice(DI::l10n()->t('You have to leave a request note for the admin.')
. DI::l10n()->t('Your registration can not be processed.')); . DI::l10n()->t('Your registration can not be processed.'));
DI::baseUrl()->redirect('register/'); $this->baseUrl->redirect('register');
} }
Model\Register::createForApproval($user['uid'], DI::config()->get('system', 'language'), $_POST['permonlybox']); try {
Model\Register::createForApproval($user['uid'], DI::config()->get('system', 'language'), $_POST['permonlybox']);
} catch (\Throwable $e) {
$this->logger->error('Unable to create a `register` record.', ['user' => $user]);
DI::sysmsg()->addNotice(DI::l10n()->t('An internal error occured.')
. DI::l10n()->t('Your registration can not be processed.'));
$this->baseUrl->redirect('register');
}
// invite system // invite system
if ($using_invites && $invite_id) { if ($using_invites && $invite_id) {
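Review bot: The new `catch (\Throwable $e)` block writes the whole `$user` array to the error log and discards `$e`, so the log receives the full account row (presumably including the password hash and any key material, if `$user` is the freshly created user record) while the actual cause of the failure is lost. Passing `['uid' => $user['uid'], 'exception' => $e]` as the log context keeps the entry useful without copying credential data into log files. By the time this call runs the account already exists (its `uid` is read here), so a failed insert leaves a user without a `register` record; that path is not visible in this hunk, so confirm whether the account is cleaned up or surfaced to an admin. The new string also spells "occurred" as "occured", which will propagate into every translation catalogue.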


@ -8,7 +8,7 @@ msgid ""
msgstr "" msgstr ""
"Project-Id-Version: 2022.12-dev\n" "Project-Id-Version: 2022.12-dev\n"
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2022-11-15 21:34+0000\n" "POT-Creation-Date: 2022-11-19 07:52-0500\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n" "Language-Team: LANGUAGE <LL@li.org>\n"
@ -26,7 +26,7 @@ msgstr ""
#: mod/fbrowser.php:119 mod/fbrowser.php:146 mod/photos.php:999 #: mod/fbrowser.php:119 mod/fbrowser.php:146 mod/photos.php:999
#: mod/photos.php:1100 src/Content/Conversation.php:389 #: mod/photos.php:1100 src/Content/Conversation.php:389
#: src/Module/Contact/Follow.php:171 src/Module/Contact/Revoke.php:109 #: src/Module/Contact/Follow.php:171 src/Module/Contact/Revoke.php:109
#: src/Module/Contact/Unfollow.php:126 src/Module/Post/Edit.php:165 #: src/Module/Contact/Unfollow.php:126 src/Module/Post/Edit.php:164
#: src/Module/Post/Tag/Remove.php:109 src/Module/Profile/RemoteFollow.php:134 #: src/Module/Post/Tag/Remove.php:109 src/Module/Profile/RemoteFollow.php:134
#: src/Module/Security/TwoFactor/SignOut.php:125 #: src/Module/Security/TwoFactor/SignOut.php:125
msgid "Cancel" msgid "Cancel"
@ -531,7 +531,7 @@ msgid "Do not show a status post for this upload"
msgstr "" msgstr ""
#: mod/photos.php:934 mod/photos.php:1288 src/Content/Conversation.php:373 #: mod/photos.php:934 mod/photos.php:1288 src/Content/Conversation.php:373
#: src/Module/Calendar/Event/Form.php:253 src/Module/Post/Edit.php:180 #: src/Module/Calendar/Event/Form.php:253 src/Module/Post/Edit.php:179
msgid "Permissions" msgid "Permissions"
msgstr "" msgstr ""
@ -652,7 +652,7 @@ msgstr ""
#: mod/photos.php:1334 mod/photos.php:1390 mod/photos.php:1464 #: mod/photos.php:1334 mod/photos.php:1390 mod/photos.php:1464
#: src/Content/Conversation.php:386 src/Module/Calendar/Event/Form.php:248 #: src/Content/Conversation.php:386 src/Module/Calendar/Event/Form.php:248
#: src/Module/Item/Compose.php:199 src/Module/Post/Edit.php:163 #: src/Module/Item/Compose.php:199 src/Module/Post/Edit.php:162
#: src/Object/Post.php:997 #: src/Object/Post.php:997
msgid "Preview" msgid "Preview"
msgstr "" msgstr ""
@ -1228,27 +1228,27 @@ msgid "attach file"
msgstr "" msgstr ""
#: src/Content/Conversation.php:346 src/Module/Item/Compose.php:190 #: src/Content/Conversation.php:346 src/Module/Item/Compose.php:190
#: src/Module/Post/Edit.php:169 src/Object/Post.php:988 #: src/Module/Post/Edit.php:168 src/Object/Post.php:988
msgid "Bold" msgid "Bold"
msgstr "" msgstr ""
#: src/Content/Conversation.php:347 src/Module/Item/Compose.php:191 #: src/Content/Conversation.php:347 src/Module/Item/Compose.php:191
#: src/Module/Post/Edit.php:170 src/Object/Post.php:989 #: src/Module/Post/Edit.php:169 src/Object/Post.php:989
msgid "Italic" msgid "Italic"
msgstr "" msgstr ""
#: src/Content/Conversation.php:348 src/Module/Item/Compose.php:192 #: src/Content/Conversation.php:348 src/Module/Item/Compose.php:192
#: src/Module/Post/Edit.php:171 src/Object/Post.php:990 #: src/Module/Post/Edit.php:170 src/Object/Post.php:990
msgid "Underline" msgid "Underline"
msgstr "" msgstr ""
#: src/Content/Conversation.php:349 src/Module/Item/Compose.php:193 #: src/Content/Conversation.php:349 src/Module/Item/Compose.php:193
#: src/Module/Post/Edit.php:172 src/Object/Post.php:991 #: src/Module/Post/Edit.php:171 src/Object/Post.php:991
msgid "Quote" msgid "Quote"
msgstr "" msgstr ""
#: src/Content/Conversation.php:350 src/Module/Item/Compose.php:194 #: src/Content/Conversation.php:350 src/Module/Item/Compose.php:194
#: src/Module/Post/Edit.php:173 src/Object/Post.php:992 #: src/Module/Post/Edit.php:172 src/Object/Post.php:992
msgid "Code" msgid "Code"
msgstr "" msgstr ""
@ -1258,12 +1258,12 @@ msgid "Image"
msgstr "" msgstr ""
#: src/Content/Conversation.php:352 src/Module/Item/Compose.php:196 #: src/Content/Conversation.php:352 src/Module/Item/Compose.php:196
#: src/Module/Post/Edit.php:174 src/Object/Post.php:994 #: src/Module/Post/Edit.php:173 src/Object/Post.php:994
msgid "Link" msgid "Link"
msgstr "" msgstr ""
#: src/Content/Conversation.php:353 src/Module/Item/Compose.php:197 #: src/Content/Conversation.php:353 src/Module/Item/Compose.php:197
#: src/Module/Post/Edit.php:175 src/Object/Post.php:995 #: src/Module/Post/Edit.php:174 src/Object/Post.php:995
msgid "Link or Media" msgid "Link or Media"
msgstr "" msgstr ""
@ -1289,12 +1289,12 @@ msgid "clear location"
msgstr "" msgstr ""
#: src/Content/Conversation.php:360 src/Module/Item/Compose.php:205 #: src/Content/Conversation.php:360 src/Module/Item/Compose.php:205
#: src/Module/Post/Edit.php:155 #: src/Module/Post/Edit.php:154
msgid "Set title" msgid "Set title"
msgstr "" msgstr ""
#: src/Content/Conversation.php:362 src/Module/Item/Compose.php:206 #: src/Content/Conversation.php:362 src/Module/Item/Compose.php:206
#: src/Module/Post/Edit.php:157 #: src/Module/Post/Edit.php:156
msgid "Categories (comma-separated list)" msgid "Categories (comma-separated list)"
msgstr "" msgstr ""
@ -1312,16 +1312,16 @@ msgstr ""
#: src/Content/Conversation.php:396 src/Content/Widget/VCard.php:113 #: src/Content/Conversation.php:396 src/Content/Widget/VCard.php:113
#: src/Model/Profile.php:465 src/Module/Admin/Logs/View.php:93 #: src/Model/Profile.php:465 src/Module/Admin/Logs/View.php:93
#: src/Module/Post/Edit.php:178 #: src/Module/Post/Edit.php:177
msgid "Message" msgid "Message"
msgstr "" msgstr ""
#: src/Content/Conversation.php:397 src/Module/Post/Edit.php:179 #: src/Content/Conversation.php:397 src/Module/Post/Edit.php:178
#: src/Module/Settings/TwoFactor/Trusted.php:139 #: src/Module/Settings/TwoFactor/Trusted.php:139
msgid "Browser" msgid "Browser"
msgstr "" msgstr ""
#: src/Content/Conversation.php:399 src/Module/Post/Edit.php:182 #: src/Content/Conversation.php:399 src/Module/Post/Edit.php:181
msgid "Open Compose page" msgid "Open Compose page"
msgstr "" msgstr ""
@ -2246,7 +2246,7 @@ msgstr ""
msgid "CC: email addresses" msgid "CC: email addresses"
msgstr "" msgstr ""
#: src/Core/ACL.php:327 src/Module/Post/Edit.php:158 #: src/Core/ACL.php:327 src/Module/Post/Edit.php:157
msgid "Example: bob@example.com, mary@example.com" msgid "Example: bob@example.com, mary@example.com"
msgstr "" msgstr ""
@ -3285,7 +3285,7 @@ msgstr ""
msgid "Title/Description:" msgid "Title/Description:"
msgstr "" msgstr ""
#: src/Model/Profile.php:1019 src/Module/Admin/Summary.php:215 #: src/Model/Profile.php:1019 src/Module/Admin/Summary.php:217
#: src/Module/Moderation/Summary.php:77 #: src/Module/Moderation/Summary.php:77
msgid "Summary" msgid "Summary"
msgstr "" msgstr ""
@ -3613,7 +3613,7 @@ msgstr ""
#: src/Module/Admin/Federation.php:202 src/Module/Admin/Logs/Settings.php:79 #: src/Module/Admin/Federation.php:202 src/Module/Admin/Logs/Settings.php:79
#: src/Module/Admin/Logs/View.php:84 src/Module/Admin/Queue.php:72 #: src/Module/Admin/Logs/View.php:84 src/Module/Admin/Queue.php:72
#: src/Module/Admin/Site.php:431 src/Module/Admin/Storage.php:138 #: src/Module/Admin/Site.php:431 src/Module/Admin/Storage.php:138
#: src/Module/Admin/Summary.php:214 src/Module/Admin/Themes/Details.php:90 #: src/Module/Admin/Summary.php:216 src/Module/Admin/Themes/Details.php:90
#: src/Module/Admin/Themes/Index.php:111 src/Module/Admin/Tos.php:75 #: src/Module/Admin/Themes/Index.php:111 src/Module/Admin/Tos.php:75
#: src/Module/Moderation/Users/Create.php:61 #: src/Module/Moderation/Users/Create.php:61
#: src/Module/Moderation/Users/Pending.php:96 #: src/Module/Moderation/Users/Pending.php:96
@ -5117,11 +5117,11 @@ msgstr ""
msgid "Server Settings" msgid "Server Settings"
msgstr "" msgstr ""
#: src/Module/Admin/Summary.php:217 #: src/Module/Admin/Summary.php:219
msgid "Version" msgid "Version"
msgstr "" msgstr ""
#: src/Module/Admin/Summary.php:221 #: src/Module/Admin/Summary.php:223
msgid "Active addons" msgid "Active addons"
msgstr "" msgstr ""
@ -8081,11 +8081,11 @@ msgstr ""
msgid "Invalid photo with id %s." msgid "Invalid photo with id %s."
msgstr "" msgstr ""
#: src/Module/Post/Edit.php:82 src/Module/Post/Edit.php:94 #: src/Module/Post/Edit.php:82 src/Module/Post/Edit.php:96
msgid "Post not found." msgid "Post not found."
msgstr "" msgstr ""
#: src/Module/Post/Edit.php:101 #: src/Module/Post/Edit.php:102
msgid "Edit post" msgid "Edit post"
msgstr "" msgstr ""
@ -8449,15 +8449,20 @@ msgstr ""
msgid "Registration successful." msgid "Registration successful."
msgstr "" msgstr ""
#: src/Module/Register.php:356 src/Module/Register.php:363 #: src/Module/Register.php:357 src/Module/Register.php:364
#: src/Module/Register.php:374
msgid "Your registration can not be processed." msgid "Your registration can not be processed."
msgstr "" msgstr ""
#: src/Module/Register.php:362 #: src/Module/Register.php:363
msgid "You have to leave a request note for the admin." msgid "You have to leave a request note for the admin."
msgstr "" msgstr ""
#: src/Module/Register.php:387 #: src/Module/Register.php:373
msgid "An internal error occured."
msgstr ""
#: src/Module/Register.php:395
msgid "Your registration is pending approval by the site owner." msgid "Your registration is pending approval by the site owner."
msgstr "" msgstr ""