Check for existance of group- and usernames, don't mix OC_USER and OC_GROUP!

3 files changed, 16 insertions, 4 deletions

diff --git a/lib/User/database.php b/lib/User/database.php
index a0d06d63074..1a4ddf44c4e 100644
--- a/lib/User/database.php
+++ b/lib/User/database.php
@@ -74,10 +74,6 @@ class OC_USER_DATABASE extends OC_USER_BACKEND {
 	 * Deletes a user
 	 */
 	public static function deleteUser( $uid ){
-		// Delete user
-		$query = OC_DB::prepare( "DELETE FROM `*PREFIX*users` WHERE uid = ?" );
-		$result = $query->execute( array( $uid ));
-
 		// Delete user-group-relation
 		$query = OC_DB::prepare( "DELETE FROM `*PREFIX*group_user` WHERE uid = ?" );
 		$result = $query->execute( array( $uid ));
diff --git a/lib/group.php b/lib/group.php
index ef8b7cecfb2..eb4aa3bbf28 100644
--- a/lib/group.php
+++ b/lib/group.php
@@ -104,6 +104,11 @@ class OC_GROUP {
 		if( preg_match( '/[^a-zA-Z0-9 _\.@\-]/', $gid )){
 			return false;
 		}
+		// No empty group names!
+		if( !$gid ){
+			return false;
+		}
+
 		$run = true;
 		OC_HOOK::emit( "OC_GROUP", "pre_createGroup", array( "run" => &$run, "gid" => $gid ));
 
diff --git a/lib/user.php b/lib/user.php
index 82b012f3a5c..51e4ab358e1 100644
--- a/lib/user.php
+++ b/lib/user.php
@@ -114,6 +114,11 @@ class OC_USER {
 		if( preg_match( '/[^a-zA-Z0-9 _\.@\-]/', $uid )){
 			return false;
 		}
+		// No empty username
+		if( !$uid ){
+			return false;
+		}
+
 		$run = true;
 		OC_HOOK::emit( "OC_USER", "pre_createUser", array( "run" => &$run, "uid" => $uid, "password" => $password ));
 
@@ -138,6 +143,12 @@ class OC_USER {
 		OC_HOOK::emit( "OC_USER", "pre_deleteUser", array( "run" => &$run, "uid" => $uid ));
 
 		if( $run && self::$_backend->deleteUser( $uid )){
+			// We have to delete the user from all groups
+			foreach( OC_GROUP::getUserGroups( $uid ) as $i ){
+				OC_GROUP::removeFromGroup( $uid, $i );
+			}
+
+			// Emit and exit
 			OC_HOOK::emit( "OC_USER", "post_deleteUser", array( "uid" => $uid ));
 			return true;
 		}