Won't fix XenForo_DataWriter_Helper_User

silence

Well-known member
Here is the function:

PHP:
    public static function verifyUserId(&$user_id, XenForo_DataWriter $dw, $fieldName = false)
    {
        $db = XenForo_Application::getDb();
        $existing_user_id = $db->fetchOne('
                SELECT user_id
                FROM xf_user
                WHERE user_id = ?
            ', $user_id);

        if ($existing_user_id == $user_id)
        {
            return true;
        }

        $dw->error(new XenForo_Phrase('requested_user_not_found'), $fieldName);
        return false;
    }
Basically I'm using it to check if user_id 0 is valid. It queries `xf_user` for 0, returns false. Then it checks if the query and the parameter user_id are equal, and since false = 0, it returns true!

Soooooooooo yeah is this a glitch cause it feels like it is to me :C
 

tyteen4a03

Well-known member
Not sure what you are onto about - $existing_user_id should be null in your case.

Have you already tested with user_id 0?
 

silence

Well-known member
Not sure what you are onto about - $existing_user_id should be null in your case.

Have you already tested with user_id 0?
Yes and it returns true. I made a temp fix in my addon and just check if user_id is 0. If so, return false.
 

Jon W

Well-known member
Since $existing_user_id will always either equal $user_id or null, then why not just replace:
PHP:
if ($existing_user_id == $user_id)
        {
            return true;
        }
with
PHP:
if ($existing_user_id)
        {
            return true;
        }
 

Mike

XenForo developer
Staff member
This would potentially be a big BC break so this won't be changed for some period. If you need the behavior to be different, you'll need to run your own code.
 

silence

Well-known member
This would potentially be a big BC break so this won't be changed for some period. If you need the behavior to be different, you'll need to run your own code.
Ok already did! Thanks for the response!
 

Mike

XenForo developer
Staff member
No, not necessarily. I'm not promising anything would change here - it's only debatably a bug, as there are various situations where a 0 user_id can be expected and allowed.
 
Top