MDL-23927 do not use = 'guest' because we have CFG->siteguest AND it …

…matches any other username with accents and different case in MySQL
abgreeve · Aug 25, 2010 · 04aec3d · 04aec3d
1 parent c924a46
commit 04aec3d
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 11 deletions.
diff --git a/admin/user.php b/admin/user.php
@@ -212,8 +212,8 @@
         $table->align = array ("left", "left", "left", "left", "left", "center", "center", "center");
         $table->width = "95%";
         foreach ($users as $user) {
-            if ($user->username == 'guest') {
-                continue; // do not dispaly dummy new user and guest here
+            if (isguestuser($user)) {
+                continue; // do not display guest here
             }
 
             if ($user->id == $USER->id or is_siteadmin($user)) {

diff --git a/admin/user/lib.php b/admin/user/lib.php
@@ -9,8 +9,7 @@
 function add_selection_all($ufiltering) {
     global $SESSION, $DB;
 
-    $guest = get_complete_user_data('username', 'guest');
-    list($sqlwhere, $params) = $ufiltering->get_sql_filter("id<>:exguest AND deleted <> 1", array('exguest'=>$guest->id));
+    list($sqlwhere, $params) = $ufiltering->get_sql_filter("id<>:exguest AND deleted <> 1", array('exguest'=>$CFG->siteguest));
 
     if ($rs = $DB->get_recordset_select('user', $sqlwhere, $params, 'fullname', 'id,'.$DB->sql_fullname().' AS fullname')) {
         foreach ($rs as $user) {
@@ -26,10 +25,9 @@ function get_selection_data($ufiltering) {
     global $SESSION, $DB;
 
     // get the SQL filter
-    $guest = get_complete_user_data('username', 'guest');
-    list($sqlwhere, $params) = $ufiltering->get_sql_filter("id<>:exguest AND deleted <> 1", array('exguest'=>$guest->id));
+    list($sqlwhere, $params) = $ufiltering->get_sql_filter("id<>:exguest AND deleted <> 1", array('exguest'=>$CFG->siteguest));
 
-    $total  = $DB->count_records_select('user', "id<>:exguest AND deleted <> 1", array('exguest'=>$guest->id));
+    $total  = $DB->count_records_select('user', "id<>:exguest AND deleted <> 1", array('exguest'=>$CFG->siteguest));
     $acount = $DB->count_records_select('user', $sqlwhere, $params);
     $scount = count($SESSION->bulk_users);
 

diff --git a/user/profile.php b/user/profile.php
@@ -56,7 +56,7 @@
 $context = $usercontext = get_context_instance(CONTEXT_USER, $userid, MUST_EXIST);
 
 if (!$currentuser &&
-    !empty($CFG->forceloginforprofiles) && 
+    !empty($CFG->forceloginforprofiles) &&
     !has_capability('moodle/user:viewdetails', $context) &&
     !has_coursecontact_role($userid)) {
     // Course managers can be browsed at site level. If not forceloginforprofiles, allow access (bug #4366)
@@ -378,7 +378,7 @@
 
 // Print messaging link if allowed
 if (isloggedin() && has_capability('moodle/site:sendmessage', $context)
-    && !empty($CFG->messaging) && !isguestuser() && ($user->username != 'guest') && ($USER->id != $user->id)) {
+    && !empty($CFG->messaging) && !isguestuser() && !isguestuser($user) && ($USER->id != $user->id)) {
     echo '<div class="messagebox">';
     echo '<a href="'.$CFG->wwwroot.'/message/index.php?id='.$user->id.'">'.get_string('messageselectadd').'</a>';
     echo '</div>';

diff --git a/user/selector/lib.php b/user/selector/lib.php
@@ -412,7 +412,7 @@ protected function required_fields_sql($u) {
      *      this uses ? style placeholders.
      */
     protected function search_sql($search, $u) {
-        global $DB;
+        global $DB, $CFG;
         $params = array();
         $tests = array();
 
@@ -445,7 +445,8 @@ protected function search_sql($search, $u) {
         }
 
         // Add some additional sensible conditions
-        $tests[] = $u . "username <> 'guest'";
+        $tests[] = $u . "id <> :guestid";
+        $params['guestid'] = $CFG->siteguest;
         $tests[] = $u . 'deleted = 0';
         $tests[] = $u . 'confirmed = 1';