phpBB • Free and Open Source Forum Software

RSS Facebook Twitter

Bug tracker

This ticket has been moved to our new tracker. Open Ticket PHPBB3-8292 now.

Error - "The requested users to be added do not exist." (fix completed in vcs)

In some time the user when try to send pm from another user's profile get the error "The requested users to be added do not exist."
The problem in the follow code's in includes/ucp/ucp_pm_compose.php:
Code: Select all
   // Build usernames to add
   $usernames = (isset($_REQUEST['username'])) ? array(request_var('username', '', true)) : array();
   $username_list = request_var('username_list', '', true);
   if ($username_list)
   {
      $usernames = array_merge($usernames, explode("\n", $username_list));
   }

and:
Code: Select all
      // Reveal the correct user_ids
      if (sizeof($usernames))
      {
         $user_id_ary = array();
         user_get_id_name($user_id_ary, $usernames, array(USER_NORMAL, USER_FOUNDER, USER_INACTIVE));

         // If there are users not existing, we will at least print a notice...
         if (!sizeof($user_id_ary))
         {
            $error[] = $user->lang['PM_NO_USERS'];
         }
      }

$_REQUEST array by default contains the contents of $_GET, $_POST and $_COOKIE. If the cookies has "username" variable (from other applications) this code return error to user.

Comments / History

Posted by Eelke (QA Team) on Apr 28th 2009, 08:46

Do you have a proposition how phpBB should address this? Can you explain why it is phpBB that should fix this if it is some other application that places a username variable in the cookie array?

I don't think integration with other applications is a specific advertised feature of phpBB, so I can't see how this is a bug in phpBB. There are some facilities for it, but YMMV, so to say.

Posted by nissin on Apr 28th 2009, 15:09

It is simply. In this case don't need to check $_REQUEST array directly. Use only the request_var function. This function check this case. The sample of code:

// Build usernames to add
$usernames = request_var('username', '', true);
if (empty($usernames))
{
$usernames = array();
}
else
{
$usernames = array($usernames);
}
...

Posted by nissin on Apr 28th 2009, 15:20

Another way, check only $_POST and $_GET arrays (not $_REQUEST).
// Build usernames to add
$usernames = (isset($_POST['username']) || isset($_GET['username'])) ? array(request_var('username', '', true)) : array();

Changed ticket status from "New" to "Not a bug"

Action performed by Acyd Burn (Server Manager) on Apr 28th 2009, 16:12

Changed ticket status from "Not a bug" to "New"

Action performed by Acyd Burn (Server Manager) on Apr 28th 2009, 16:13

Linked ticket with changeset: r9494

Action performed by Anonymous (I am too lazy to register) on Apr 28th 2009, 16:16

Changed ticket status from "New" to "Fix completed in SVN"

Action performed by Acyd Burn (Server Manager) on Apr 28th 2009, 16:16

Ticket details

  • Ticket ID: 44525
  • Project: phpBB 3.0.x
  • Status: Fix completed in VCS
  • Severity: Uncategorised/normal
  • Component: User Control Panel (UCP)
  • Project version: 3.0.4
  • PHP version: Unknown
  • Database: Unknown
  • Assigned to: Acyd Burn
  • Reported by: nissin (Send PM)
  • Reporter's tickets: List all tickets
  • Reported on: Apr 27th 2009, 17:24

Duplicates of this ticket

Related SVN changesets

Advertisements

 BlueHost.comWeb Hosting UKHostMonsterReseller Web Hosting UKFastDomain HostingAdvertise on phpBB.com