Page 1 of 1

[LOW:FIXED 6484:1.0.11] Bug found in com_registration 1.0.10

Posted: Thu Jul 13, 2006 8:32 am
by ircmaxell
In function activate($option), I believe there is an error...  If the UPDATE fails, it just tells the user that activation was completed.  There should be another error message to say that activation failed...

Code: Select all

	$query = "SELECT id"
	. "\n FROM #__users"
	. "\n WHERE activation = '$activation'"
	. "\n AND block = 1"
	;
	$database->setQuery( $query );
	$result = $database->loadResult();

	if ($result) {
		$query = "UPDATE #__users"
		. "\n SET block = 0, activation = ''"
		. "\n WHERE activation = '$activation'"
		. "\n AND block = 1"
		;
		$database->setQuery( $query );
		if (!$database->query()) {
			echo "SQL error" . $database->stderr(true);
		}
		echo _REG_ACTIVATE_COMPLETE;
	} else {
		echo _REG_ACTIVATE_NOT_FOUND;
	}
}

Re: Possible bug found in com_registration 1.0.10

Posted: Thu Jul 13, 2006 8:57 am
by RobS
ircmaxell wrote: In function activate($option), I believe there is an error...  If the UPDATE fails, it just tells the user that activation was completed.  There should be another error message to say that activation failed...

Code: Select all

	$query = "SELECT id"
	. "\n FROM #__users"
	. "\n WHERE activation = '$activation'"
	. "\n AND block = 1"
	;
	$database->setQuery( $query );
	$result = $database->loadResult();

	if ($result) {
		$query = "UPDATE #__users"
		. "\n SET block = 0, activation = ''"
		. "\n WHERE activation = '$activation'"
		. "\n AND block = 1"
		;
		$database->setQuery( $query );
		if (!$database->query()) {
			echo "SQL error" . $database->stderr(true);
		}
		echo _REG_ACTIVATE_COMPLETE;
	} else {
		echo _REG_ACTIVATE_NOT_FOUND;
	}
}
Looking at the code I think he may be right as database->stderr() does not appear to end script execution.  Perhaps it should be:

Code: Select all

	$query = "SELECT id"
	. "\n FROM #__users"
	. "\n WHERE activation = '$activation'"
	. "\n AND block = 1"
	;
	$database->setQuery( $query );
	$result = $database->loadResult();

	if ($result) {
		$query = "UPDATE #__users"
		. "\n SET block = 0, activation = ''"
		. "\n WHERE activation = '$activation'"
		. "\n AND block = 1"
		;
		$database->setQuery( $query );
		if (!$database->query()) {
			echo "SQL error" . $database->stderr(true);
		} else {
  			echo _REG_ACTIVATE_COMPLETE;
		}
	} else {
		echo _REG_ACTIVATE_NOT_FOUND;
	}
}

Re: Possible bug found in com_registration 1.0.10

Posted: Wed Oct 18, 2006 7:33 pm
by Robin
Q&T Note; Status > Under review. Code of 1.0.11 and latest SVN still looks the same.

Re: [LOW:TRACKER 6484:1.0.11] Bug found in com_registration 1.0.10

Posted: Thu Oct 19, 2006 6:08 pm
by RobS
Q&T Note; Status> Added to tracker.  Artifact 6484.  http://forge.joomla.org/sf/go/artf6484?nav=1

Re: [LOW:TRACKER 6484:1.0.11] Bug found in com_registration 1.0.10

Posted: Mon Dec 04, 2006 1:20 pm
by Robin
Fixed for next release.