User Register Notify module giving error on user registration
| Project: | User registration notification |
| Version: | 5.x-1.10 |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | mchrisneglia |
| Status: | needs work |
| Issue tags: | Register Notify |
There is a bug in the user_register_notify.module which yields this error upon new user registration:
user warning: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '3,0,0,0,0' at line 1 query: SELECT mail FROM users AS u INNER JOIN users_roles AS r ON u.uid = r.uid WHERE r.rid IN('')3,0,0,0,0 in D:\****************
user warning: Data too long for column 'type' at row 1 query: INSERT INTO watchdog (uid, type, message, severity, link, location, referer, hostname, timestamp) VALUES (0, 'user_register_notify', '', 0, '', 'http://drupal52.local/user/register', 'http://drupal52.local/user/register', '66.185.109.71', 1240417865) in D:\*********\includes\database.mysqli.inc on line 156.
user warning: Data too long for column 'type' at row 1 query: INSERT INTO watchdog (uid, type, message, severity, link, location, referer, hostname, timestamp) VALUES (0, 'user_register_notify', '', 0, '', 'http://drupal52.local/user/register', 'http://drupal52.local/user/register', '66.185.109.71', 1240417865) in D:\************\includes\database.mysqli.inc on line 156.
---
On line 189 of user_register_notify.module,
//$result = db_query("SELECT mail FROM {users} AS u INNER JOIN {users_roles} AS r ON u.uid = r.uid WHERE r.rid IN('%s')". $roles);
Should read:
$result = db_query("SELECT mail FROM {users} AS u INNER JOIN {users_roles} AS r ON u.uid = r.uid WHERE r.rid IN('{$roles}')");
The problem was the mix-match of (s)printf-style formatting, without an inner call to (s)printf, in addition to invalid syntax (dot operator instead of comma). No worries!
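
An added example, not part of the original post or the module's code: the query from line 189 built with one %d placeholder per role id and passed to Drupal 5's db_query() as arguments, so no value is interpolated into the SQL string. The helper name and the sample inputs are assumptions; $roles is assumed to be the comma-separated string visible in the error message.

```php
<?php
// Added example, not the module's code. Assumes $roles arrives as the
// comma-separated string seen in the error message ("3,0,0,0,0"), where
// 0 stands for a role that was not selected.

/**
 * Build the role query with placeholders (hypothetical helper name).
 * Returns array($sql, $args), or NULL when no role is selected.
 */
function urn_example_role_query($roles) {
  // Accept either the comma-separated string or an array of role ids.
  $rids = is_array($roles) ? $roles : explode(',', (string) $roles);
  // Force every value to an integer, then drop 0 and duplicate entries.
  $rids = array_values(array_unique(array_filter(array_map('intval', $rids))));
  if (empty($rids)) {
    // "IN ()" is a syntax error in MySQL, so the caller skips the query.
    return NULL;
  }
  // One %d placeholder per role id; db_query() casts each argument to int.
  $placeholders = implode(', ', array_fill(0, count($rids), '%d'));
  $sql = "SELECT mail FROM {users} AS u INNER JOIN {users_roles} AS r "
       . "ON u.uid = r.uid WHERE r.rid IN ($placeholders)";
  return array($sql, $rids);
}

// Constructed sample inputs: the value from the error message, two roles,
// nothing selected, and a value containing non-numeric text.
$samples = array('3,0,0,0,0', '3,4,0', '0,0', '3, x ,0');
foreach ($samples as $roles) {
  $query = urn_example_role_query($roles);
  if ($query === NULL) {
    print "[$roles] no roles selected, query skipped\n";
    continue;
  }
  list($sql, $args) = $query;
  print "[$roles] $sql  args: " . implode(',', $args) . "\n";
  // Inside Drupal 5 the call would be: $result = db_query($sql, $args);
}
```

With the quoted form IN('3,0,0,0,0'), MySQL compares rid against one string rather than a list of ids, which is why the example passes each id as its own argument.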

#1
#2
I want you to talk to the security team and ask if this is a good fix.