Merge branch 'ent-9527-derivado-del-trabajo-q-a-765-api-pfms-1-0-en-llamada-new_user-permite-crear-usuario-nulo' into 'develop'

Ent 9527 derivado del trabajo q a 765 api pfms 1 0 en llamada new user permite crear usuario nulo https://brutus.artica.es:8081/artica/pandora_enterprise/-/issues/9527 See merge request artica/pandorafms!5126
2025-07-30 09:15:15 +02:00 · 2022-10-14 08:05:37 +00:00 · 2022-10-14 08:05:37 +00:00 · 3c74b0b47e
commit 3c74b0b47e
parent f871654e60 3e9e04642d
2 changed files with 72 additions and 55 deletions
--- a/pandora_console/godmode/users/user_list.php
+++ b/pandora_console/godmode/users/user_list.php
@ -265,6 +265,7 @@ $delete_user = (bool) get_parameter('user_del', false);
 if ($delete_user === true) {
    // Delete user.
    $id_user = get_parameter('delete_user', 0);
+    if ($id_user !== 0) {
        if (users_is_admin($id_user) === true && users_is_admin() === false) {
            db_pandora_audit(
                AUDIT_LOG_ACL_VIOLATION,
@ -331,6 +332,9 @@ if ($delete_user === true) {
        } else {
            ui_print_error_message(__('There was a problem deleting the user'));
        }
+    } else {
+        ui_print_error_message(__('ID user cannot be empty'));
+    }
 } else if (isset($_GET['profile_del'])) {
    // Delete profile.
    $id_profile = (int) get_parameter_post('delete_profile');
@ -586,6 +590,10 @@ $rowPair = true;
 $iterator = 0;
 $cont = 0;
 foreach ($info as $user_id => $user_info) {
+    if (empty($user_id) === true) {
+        continue;
+    }
+
    // User profiles.
    if ($user_is_admin || $user_id == $config['id_user'] || isset($group_um[0])) {
        $user_profiles = db_get_all_rows_field_filter(
--- a/pandora_console/include/functions_api.php
+++ b/pandora_console/include/functions_api.php
@ -9499,14 +9499,16 @@ function api_set_new_user($id, $thrash2, $other, $thrash3)
 {
    global $config;

-    // if (defined ('METACONSOLE')) {
-    // return;
-    // }
    if (!check_acl($config['id_user'], 0, 'UM')) {
        returnError('forbidden', 'string');
        return;
    }

+    if (empty($id) === true) {
+        returnError('Id cannot be empty.');
+        return;
+    }
+
    $idk = get_header('idk');
    if (is_management_allowed($idk) === false) {
        returnError('centralized');
@ -9528,6 +9530,11 @@ function api_set_new_user($id, $thrash2, $other, $thrash3)
    $values['section'] = $other['data'][11];
    $values['session_time'] = $other['data'][12];

+    if (empty($password) === true) {
+        returnError('Password cannot be empty.');
+        return;
+    }
+
    if (!create_user($id, $password, $values)) {
        returnError('The user could not created');
    } else {
@ -11734,14 +11741,16 @@ function api_set_delete_user($id, $thrash1, $thrash2, $thrash3)
 {
    global $config;

-    // if (defined ('METACONSOLE')) {
-    // return;
-    // }
    if (!check_acl($config['id_user'], 0, 'UM')) {
        returnError('forbidden', 'string');
        return;
    }

+    if (empty($id) === true) {
+        returnError('Id cannot be empty.');
+        return;
+    }
+
    $idk = get_header('idk');
    if (is_management_allowed($idk) === false) {
        returnError('centralized');