Issues in UGroupUserDao.class.php (master) - Issues in master - Enalean/tuleap - Measure and Improve Code Quality continuously with Scrutinizer

Issues (4873)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/common/dao/UGroupUserDao.class.php (4 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Copyright (c) Xerox Corporation, Codendi Team, 2001-2009. All rights reserved
 *
 * This file is a part of Codendi.
 *
 * Codendi is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * Codendi is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with Codendi. If not, see <http://www.gnu.org/licenses/>.
 */

require_once('include/DataAccessObject.class.php');
require_once('www/project/admin/ugroup_utils.php');

/**
 *  Data Access Object for ProjectUGroup 
 */
class UGroupUserDao extends DataAccessObject {

    /**
    * Searches ProjectUGroup members by UGroupId 
    * 
    * Return all Active or Restricted ugroup members
    * Only return active & restricted to keep it coherent with Group::getMembersUserNames
    *
    * @param Integer $ugroup_id Id of the ugroup
    *
    * @return DataAccessResult
    */
    function searchUserByStaticUGroupId($ugroup_id) {
        $ugroup_id = $this->da->escapeInt($ugroup_id);
        $sql = "SELECT * 
                FROM ugroup_user INNER JOIN user USING(user_id) 
                WHERE ugroup_id = $ugroup_id
                AND user.status IN ('A', 'R')
                ORDER BY user_name";
        return $this->retrieve($sql);
    }

    public function searchUserByStaticUGroupIdIncludingSuspended($ugroup_id) {
        $ugroup_id = $this->da->escapeInt($ugroup_id);

        $sql = "SELECT *
                FROM ugroup_user INNER JOIN user USING(user_id)
                WHERE ugroup_id = $ugroup_id
                AND user.status IN ('A', 'R', 'S')
                ORDER BY user_name";

        return $this->retrieve($sql);
    }

    /**
     * Searches ProjectUGroup members by UGroupId paginated
     *
     * Return all Active or Restricted ugroup members
     * Only return active & restricted to keep it coherent with Group::getMembersUserNames
     *
     * @param Integer $ugroup_id Id of the ugroup
     * @param Integer $limit
     * @param Integer $offset
     *
     * @return DataAccessResult
     */
    public function searchUsersByStaticUGroupIdPaginated($ugroup_id, $limit, $offset) {
        $ugroup_id = $this->da->escapeInt($ugroup_id);
        $limit     = $this->da->escapeInt($limit);
        $offset    = $this->da->escapeInt($offset);

        $sql = "SELECT *
                FROM ugroup_user INNER JOIN user USING(user_id)
                WHERE ugroup_id = $ugroup_id
                  AND user.status IN ('A', 'R')
                ORDER BY user_name ASC
                LIMIT $offset, $limit";

        return $this->retrieve($sql);
    }

    /**
     * Count ProjectUGroup members by UGroupId
     *
     * @param Integer $ugroup_id Id of the ugroup
     *
     * @return DataAccessResult
     */
    function countUserByStaticUGroupId($ugroup_id) {
        $ugroup_id = $this->da->escapeInt($ugroup_id);

        $sql = "SELECT count(*) AS count_users
                FROM ugroup_user INNER JOIN user USING(user_id)
                WHERE ugroup_id = $ugroup_id
                  AND user.status IN ('A', 'R')
                ORDER BY user_name";

        return $this->retrieve($sql);
    }

    /**
     * Return project admins of given static group
     * 
     * @param Integer $groupId Id of the project
     * @param Array   $ugroups List of ugroups
     * 
     * @return Data Access Result
     */
    function returnProjectAdminsByStaticUGroupId($groupId, $ugroups) {
        $sql = 'SELECT u.email as email FROM user u
                    JOIN ugroup_user uu 
                    USING(user_id)
                    JOIN user_group ug 
                    USING(user_id) 
                    WHERE ug.admin_flags="A" 
                    AND u.status IN ("A", "R") 
                    AND ug.group_id ='.$this->da->escapeInt($groupId).' 
                    AND u.status IN ("A", "R") 
                    AND uu.ugroup_id IN ('.implode(",", $ugroups).')';
        return $this->retrieve($sql);
    }

    /**
     * Get uGroup members for both dynamic & sttic uGroups
     *
     * @param Integer $ugroupId Id of the uGroup
     * @param Integer $groupId  Id of the project
     *
     * @return DataAccessResult
     */
    public function searchUserByDynamicUGroupId($ugroupId, $groupId) {
        $sql = ugroup_db_get_dynamic_members($ugroupId, false, $groupId);
        if (! $sql) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
            return new DataAccessResultEmpty();
        }
        return $this->retrieve($sql);
    }

    public function searchUserByDynamicUGroupIdIncludingSuspended($ugroupId, $groupId) {
        $sql = ugroup_db_get_dynamic_members($ugroupId, false, $groupId, false, null, true);

        if (! $sql) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
            return new DataAccessResultEmpty();
        }

        return $this->retrieve($sql);
    }

    /**
     * Get uGroup members for both dynamic & static uGroups
     *
     * @param Integer $ugroupId Id of the uGroup
     * @param Integer $groupId  Id of the project
     * @param Integer $limit
     * @param Integer $offset
     *
     * @return DataAccessResult | false
     */
    public function searchUsersByDynamicUGroupIdPaginated($ugroupId, $groupId, $limit, $offset) {
        $ugroupId = $this->da->escapeInt($ugroupId);
        $groupId  = $this->da->escapeInt($groupId);
        $limit    = $this->da->escapeInt($limit);
        $offset   = $this->da->escapeInt($offset);

        $sql = ugroup_db_get_dynamic_members($ugroupId, false, $groupId, false, null, true);

        if (! $sql) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
            return false;
        }

        $sql .= " LIMIT $offset, $limit"; // Nicolas Terray approved :)

        return $this->retrieve($sql);
    }

    /**
     * @param int $user_id
     * @param int $ugroup_id
     * @param int $group_id
     * @return bool
     */
    public function isDynamicUGroupMember($user_id, $ugroup_id, $group_id) {
        return ugroup_user_is_member($user_id, $ugroup_id, $group_id);
    }

    /**
     * Search users to add to ugroup
     *
     * @param Integer $ugroupId Id of the uGroup
     * @param Array   $filters  List of filters
     *
     * @return Array
     */
    public function searchUsersToAdd($ugroupId, $filters) {
        $ugroup_id              = $this->da->escapeInt($ugroupId);
        $offset                 = $this->da->escapeInt($filters['offset']);
        $number_per_page        = $this->da->escapeInt($filters['number_per_page']);
        $order_by               = (user_get_preference("username_display") > 1 ? 'realname' : 'user_name');
        $join_user_group        = $this->getJoinUserGroup($filters);
        $and_username_filter    = $this->getUsernameFilter($filters);

        $sql = "SELECT SQL_CALC_FOUND_ROWS user.user_id, user_name, realname, email, IF(R.user_id = user.user_id, 1, 0) AS is_on
                FROM user
                    NATURAL LEFT JOIN (SELECT user_id FROM ugroup_user WHERE ugroup_id = $ugroup_id ) AS R
                    $join_user_group
                WHERE status in ('A', 'R')
                  $and_username_filter
                ORDER BY $order_by
                LIMIT $offset, $number_per_page";

        $res  = $this->retrieve($sql);
        $res2 = $this->retrieve('SELECT FOUND_ROWS() as nb');
        $numTotalRows = $res2->getRow();

        return array('result' => $res, 'num_total_rows' => $numTotalRows['nb']);
    }

    private function getJoinUserGroup($filters) {
        $group_id = $this->da->escapeInt($filters['in_project']);
        if ($group_id) {
            return "INNER JOIN user_group ON (
                user_group.user_id = user.user_id
                AND user_group.group_id = $group_id
            )";
        }
        return '';
    }

    private function getUsernameFilter($filters) {
        $username_filters = array(
            $this->getContainsFilter($filters),
            $this->getBeginsWithFilter($filters)
        );
        $username_filters = array_filter($username_filters);
        if ($username_filters) {

            return 'AND ('. implode(' OR ', $username_filters) .')';
        }
        return '';
    }

    private function getContainsFilter($filters) {
        if ($filters['search']) {
            $contain = $this->da->quoteSmart("%".$filters['search']."%");
            return "user.realname LIKE $contain
                OR user.user_name LIKE $contain
                OR user.email LIKE $contain";
        }
    }

    private function getBeginsWithFilter($filters) {
        if ($filters['begin']) {
            $begin = $this->da->quoteSmart($filters['begin']."%");
            return "user.realname LIKE $begin
                OR user.user_name LIKE $begin
                OR user.email LIKE $begin";
        }
    }

    /**
     * Clone a given user group from another one
     *
     * @param Integer $sourceUgroupId Id of the user group from which we will copy users
     * @param Integer $targetUgroupId Id of the target user group
     *
     * @return Boolean
     */
    public function cloneUgroup($sourceUgroupId, $targetUgroupId) {
        $sourceUgroupId = $this->da->escapeInt($sourceUgroupId);
        $targetUgroupId = $this->da->escapeInt($targetUgroupId);
        $sql            = "INSERT INTO ugroup_user (ugroup_id, user_id)
                             SELECT $targetUgroupId, user_id
                             FROM ugroup_user
                             WHERE ugroup_id = $sourceUgroupId";
        return $this->update($sql);
    }

    /**
     * Remove all users of an ugroup
     *
     * @param Integer $ugroupId Id of the user group
     *
     * @return Boolean
     */
    public function resetUgroupUserList($ugroupId) {
        $ugroupId = $this->da->escapeInt($ugroupId);
        $sql      = "DELETE FROM ugroup_user WHERE ugroup_id = $ugroupId";
        return $this->update($sql);
    }
}

?>

GitHub Access Token became invalid

Issues (4873)

Security Analysis not enabled

src/common/dao/UGroupUserDao.class.php (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1			<?php
2			/**
3			* Copyright (c) Xerox Corporation, Codendi Team, 2001-2009. All rights reserved
4			*
5			* This file is a part of Codendi.
6			*
7			* Codendi is free software; you can redistribute it and/or modify
8			* it under the terms of the GNU General Public License as published by
9			* the Free Software Foundation; either version 2 of the License, or
10			* (at your option) any later version.
11			*
12			* Codendi is distributed in the hope that it will be useful,
13			* but WITHOUT ANY WARRANTY; without even the implied warranty of
14			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15			* GNU General Public License for more details.
16			*
17			* You should have received a copy of the GNU General Public License
18			* along with Codendi. If not, see <http://www.gnu.org/licenses/>.
19			*/
20
21			require_once('include/DataAccessObject.class.php');
22			require_once('www/project/admin/ugroup_utils.php');
23
24			/**
25			* Data Access Object for ProjectUGroup
26			*/
27			class UGroupUserDao extends DataAccessObject {
28
29			/**
30			* Searches ProjectUGroup members by UGroupId
31			*
32			* Return all Active or Restricted ugroup members
33			* Only return active & restricted to keep it coherent with Group::getMembersUserNames
34			*
35			* @param Integer $ugroup_id Id of the ugroup
36			*
37			* @return DataAccessResult
38			*/
39			function searchUserByStaticUGroupId($ugroup_id) {
40			$ugroup_id = $this->da->escapeInt($ugroup_id);
41			$sql = "SELECT *
42			FROM ugroup_user INNER JOIN user USING(user_id)
43			WHERE ugroup_id = $ugroup_id
44			AND user.status IN ('A', 'R')
45			ORDER BY user_name";
46			return $this->retrieve($sql);
47			}
48
49			public function searchUserByStaticUGroupIdIncludingSuspended($ugroup_id) {
50			$ugroup_id = $this->da->escapeInt($ugroup_id);
51
52			$sql = "SELECT *
53			FROM ugroup_user INNER JOIN user USING(user_id)
54			WHERE ugroup_id = $ugroup_id
55			AND user.status IN ('A', 'R', 'S')
56			ORDER BY user_name";
57
58			return $this->retrieve($sql);
59			}
60
61			/**
62			* Searches ProjectUGroup members by UGroupId paginated
63			*
64			* Return all Active or Restricted ugroup members
65			* Only return active & restricted to keep it coherent with Group::getMembersUserNames
66			*
67			* @param Integer $ugroup_id Id of the ugroup
68			* @param Integer $limit
69			* @param Integer $offset
70			*
71			* @return DataAccessResult
72			*/
73			public function searchUsersByStaticUGroupIdPaginated($ugroup_id, $limit, $offset) {
74			$ugroup_id = $this->da->escapeInt($ugroup_id);
75			$limit = $this->da->escapeInt($limit);
76			$offset = $this->da->escapeInt($offset);
77
78			$sql = "SELECT *
79			FROM ugroup_user INNER JOIN user USING(user_id)
80			WHERE ugroup_id = $ugroup_id
81			AND user.status IN ('A', 'R')
82			ORDER BY user_name ASC
83			LIMIT $offset, $limit";
84
85			return $this->retrieve($sql);
86			}
87
88			/**
89			* Count ProjectUGroup members by UGroupId
90			*
91			* @param Integer $ugroup_id Id of the ugroup
92			*
93			* @return DataAccessResult
94			*/
95			function countUserByStaticUGroupId($ugroup_id) {
96			$ugroup_id = $this->da->escapeInt($ugroup_id);
97
98			$sql = "SELECT count(*) AS count_users
99			FROM ugroup_user INNER JOIN user USING(user_id)
100			WHERE ugroup_id = $ugroup_id
101			AND user.status IN ('A', 'R')
102			ORDER BY user_name";
103
104			return $this->retrieve($sql);
105			}
106
107			/**
108			* Return project admins of given static group
109			*
110			* @param Integer $groupId Id of the project
111			* @param Array $ugroups List of ugroups
112			*
113			* @return Data Access Result
114			*/
115			function returnProjectAdminsByStaticUGroupId($groupId, $ugroups) {
116			$sql = 'SELECT u.email as email FROM user u
117			JOIN ugroup_user uu
118			USING(user_id)
119			JOIN user_group ug
120			USING(user_id)
121			WHERE ug.admin_flags="A"
122			AND u.status IN ("A", "R")
123			AND ug.group_id ='.$this->da->escapeInt($groupId).'
124			AND u.status IN ("A", "R")
125			AND uu.ugroup_id IN ('.implode(",", $ugroups).')';
126			return $this->retrieve($sql);
127			}
128
129			/**
130			* Get uGroup members for both dynamic & sttic uGroups
131			*
132			* @param Integer $ugroupId Id of the uGroup
133			* @param Integer $groupId Id of the project
134			*
135			* @return DataAccessResult
136			*/
137			public function searchUserByDynamicUGroupId($ugroupId, $groupId) {
138			$sql = ugroup_db_get_dynamic_members($ugroupId, false, $groupId);
139			if (! $sql) {
			0 ignored issues – show Bug Best Practice introduced 2015-12-16 20:30 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$sql` of type `null\|string` is loosely compared to `false`; this is ambiguous if the string can be empty. You might want to explicitly use `=== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
140			return new DataAccessResultEmpty();
141			}
142			return $this->retrieve($sql);
143			}
144
145			public function searchUserByDynamicUGroupIdIncludingSuspended($ugroupId, $groupId) {
146			$sql = ugroup_db_get_dynamic_members($ugroupId, false, $groupId, false, null, true);
147
148			if (! $sql) {
			0 ignored issues – show Bug Best Practice introduced 2015-12-16 20:30 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$sql` of type `null\|string` is loosely compared to `false`; this is ambiguous if the string can be empty. You might want to explicitly use `=== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
149			return new DataAccessResultEmpty();
150			}
151
152			return $this->retrieve($sql);
153			}
154
155			/**
156			* Get uGroup members for both dynamic & static uGroups
157			*
158			* @param Integer $ugroupId Id of the uGroup
159			* @param Integer $groupId Id of the project
160			* @param Integer $limit
161			* @param Integer $offset
162			*
163			* @return DataAccessResult \| false
164			*/
165			public function searchUsersByDynamicUGroupIdPaginated($ugroupId, $groupId, $limit, $offset) {
166			$ugroupId = $this->da->escapeInt($ugroupId);
167			$groupId = $this->da->escapeInt($groupId);
168			$limit = $this->da->escapeInt($limit);
169			$offset = $this->da->escapeInt($offset);
170
171			$sql = ugroup_db_get_dynamic_members($ugroupId, false, $groupId, false, null, true);
172
173			if (! $sql) {
			0 ignored issues – show Bug Best Practice introduced 2015-12-16 20:30 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$sql` of type `null\|string` is loosely compared to `false`; this is ambiguous if the string can be empty. You might want to explicitly use `=== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
174			return false;
175			}
176
177			$sql .= " LIMIT $offset, $limit"; // Nicolas Terray approved :)
178
179			return $this->retrieve($sql);
180			}
181
182			/**
183			* @param int $user_id
184			* @param int $ugroup_id
185			* @param int $group_id
186			* @return bool
187			*/
188			public function isDynamicUGroupMember($user_id, $ugroup_id, $group_id) {
189			return ugroup_user_is_member($user_id, $ugroup_id, $group_id);
190			}
191
192			/**
193			* Search users to add to ugroup
194			*
195			* @param Integer $ugroupId Id of the uGroup
196			* @param Array $filters List of filters
197			*
198			* @return Array
199			*/
200			public function searchUsersToAdd($ugroupId, $filters) {
201			$ugroup_id = $this->da->escapeInt($ugroupId);
202			$offset = $this->da->escapeInt($filters['offset']);
203			$number_per_page = $this->da->escapeInt($filters['number_per_page']);
204			$order_by = (user_get_preference("username_display") > 1 ? 'realname' : 'user_name');
205			$join_user_group = $this->getJoinUserGroup($filters);
206			$and_username_filter = $this->getUsernameFilter($filters);
207
208			$sql = "SELECT SQL_CALC_FOUND_ROWS user.user_id, user_name, realname, email, IF(R.user_id = user.user_id, 1, 0) AS is_on
209			FROM user
210			NATURAL LEFT JOIN (SELECT user_id FROM ugroup_user WHERE ugroup_id = $ugroup_id ) AS R
211			$join_user_group
212			WHERE status in ('A', 'R')
213			$and_username_filter
214			ORDER BY $order_by
215			LIMIT $offset, $number_per_page";
216
217			$res = $this->retrieve($sql);
218			$res2 = $this->retrieve('SELECT FOUND_ROWS() as nb');
219			$numTotalRows = $res2->getRow();
220
221			return array('result' => $res, 'num_total_rows' => $numTotalRows['nb']);
222			}
223
224			private function getJoinUserGroup($filters) {
225			$group_id = $this->da->escapeInt($filters['in_project']);
226			if ($group_id) {
227			return "INNER JOIN user_group ON (
228			user_group.user_id = user.user_id
229			AND user_group.group_id = $group_id
230			)";
231			}
232			return '';
233			}
234
235			private function getUsernameFilter($filters) {
236			$username_filters = array(
237			$this->getContainsFilter($filters),
238			$this->getBeginsWithFilter($filters)
239			);
240			$username_filters = array_filter($username_filters);
241			if ($username_filters) {
			0 ignored issues – show Bug Best Practice introduced 2015-12-16 20:30 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$username_filters` of type `array` is implicitly converted to a boolean; are you sure this is intended? If so, consider using `! empty($expr)` instead to make it clear that you intend to check for an array without elements. This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using `empty(..)` or `! empty(...)` instead. Loading history...
242			return 'AND ('. implode(' OR ', $username_filters) .')';
243			}
244			return '';
245			}
246
247			private function getContainsFilter($filters) {
248			if ($filters['search']) {
249			$contain = $this->da->quoteSmart("%".$filters['search']."%");
250			return "user.realname LIKE $contain
251			OR user.user_name LIKE $contain
252			OR user.email LIKE $contain";
253			}
254			}
255
256			private function getBeginsWithFilter($filters) {
257			if ($filters['begin']) {
258			$begin = $this->da->quoteSmart($filters['begin']."%");
259			return "user.realname LIKE $begin
260			OR user.user_name LIKE $begin
261			OR user.email LIKE $begin";
262			}
263			}
264
265			/**
266			* Clone a given user group from another one
267			*
268			* @param Integer $sourceUgroupId Id of the user group from which we will copy users
269			* @param Integer $targetUgroupId Id of the target user group
270			*
271			* @return Boolean
272			*/
273			public function cloneUgroup($sourceUgroupId, $targetUgroupId) {
274			$sourceUgroupId = $this->da->escapeInt($sourceUgroupId);
275			$targetUgroupId = $this->da->escapeInt($targetUgroupId);
276			$sql = "INSERT INTO ugroup_user (ugroup_id, user_id)
277			SELECT $targetUgroupId, user_id
278			FROM ugroup_user
279			WHERE ugroup_id = $sourceUgroupId";
280			return $this->update($sql);
281			}
282
283			/**
284			* Remove all users of an ugroup
285			*
286			* @param Integer $ugroupId Id of the user group
287			*
288			* @return Boolean
289			*/
290			public function resetUgroupUserList($ugroupId) {
291			$ugroupId = $this->da->escapeInt($ugroupId);
292			$sql = "DELETE FROM ugroup_user WHERE ugroup_id = $ugroupId";
293			return $this->update($sql);
294			}
295			}
296
297			?>

Enalean / tuleap

GitHub Access Token became invalid

Issues (4873)

Security Analysis not enabled

src/common/dao/UGroupUserDao.class.php (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like