From f84e03f646e04c4466def465ee519e64aca83b79 Mon Sep 17 00:00:00 2001
From: Marc Alexander
Date: Thu, 8 Sep 2022 22:11:48 +0200
Subject: [PATCH] [ticket/17032] Prevent endlessly cycling to load user
PHPBB3-17032
---
phpBB/phpbb/user_loader.php | 2 +-
tests/user/fixtures/user_loader_no_guest.xml | 24 ++++++
tests/user/user_loader_no_guest_test.php | 87 ++++++++++++++++++++
tests/user/user_loader_test.php | 26 ++++++
4 files changed, 138 insertions(+), 1 deletion(-)
create mode 100644 tests/user/fixtures/user_loader_no_guest.xml
create mode 100644 tests/user/user_loader_no_guest_test.php
diff --git a/phpBB/phpbb/user_loader.php b/phpBB/phpbb/user_loader.php
index 2108ec9278..4fce54f3cc 100644
--- a/phpBB/phpbb/user_loader.php
+++ b/phpBB/phpbb/user_loader.php
@@ -141,7 +141,7 @@ class user_loader
 {
 $this->load_users(array($user_id));
- return $this->get_user($user_id);
+ return $user_id != ANONYMOUS ? $this->get_user($user_id) : $this->users[$user_id] ?? false;
 }
 return $this->get_user(ANONYMOUS);
diff --git a/tests/user/fixtures/user_loader_no_guest.xml b/tests/user/fixtures/user_loader_no_guest.xml
new file mode 100644
index 0000000000..aaa9d4f0c1
--- /dev/null
+++ b/tests/user/fixtures/user_loader_no_guest.xml
@@ -0,0 +1,24 @@
+
+
+
+ user_id
+ user_permissions
+ username
+ username_clean
+ user_sig
+
+ 2
+
+ Admin
+ admin
+
+
+
+ 3
+
+ Test
+ test
+
+
+
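Review bot: In the phpBB/phpbb/user_loader.php hunk, the new return line mixes `?:` and `??` without parentheses and introduces a `false` result that nothing visible in the hunk documents. It parses as intended because `??` binds tighter than the ternary, but `return ($user_id != ANONYMOUS) ? $this->get_user($user_id) : ($this->users[$user_id] ?? false);` makes the grouping explicit. Because a missing guest row now yields `false` instead of recursing, a comment above the line such as `// ANONYMOUS may be absent from the users table: return false instead of recursing again` would record why the branch exists, and the method's `@return` should name the `false` case for callers that index the result as an array. The signature and docblock of get_user lie outside this hunk, so confirm whether they already cover it.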
+
diff --git a/tests/user/user_loader_no_guest_test.php b/tests/user/user_loader_no_guest_test.php
new file mode 100644
index 0000000000..be5e52e53a
--- /dev/null
+++ b/tests/user/user_loader_no_guest_test.php
@@ -0,0 +1,87 @@
+
+* @license GNU General Public License, version 2 (GPL-2.0)
+*
+* For full copyright and license information, please see
+* the docs/CREDITS.txt file.
+*
+*/
+
+class phpbb_user_loader_no_guest_test extends phpbb_database_test_case
+{
+ protected $db;
+ protected $user_loader;
+
+ public function getDataSet()
+ {
+ return $this->createXMLDataSet(__DIR__ . '/fixtures/user_loader_no_guest.xml');
+ }
+
+ protected function setUp(): void
+ {
+ parent::setUp();
+
+ $this->db = $this->new_dbal();
+ $this->user_loader = new \phpbb\user_loader($this->db, __DIR__ . '/../../phpBB/', 'php', 'phpbb_users');
+ }
+
+ public function test_load_get()
+ {
+ $this->user_loader->load_users(array(2));
+
+ $user = $this->user_loader->get_user(1);
+ $this->assertFalse($user);
+
+ $user = $this->user_loader->get_user(2);
+ $this->assertEquals(2, $user['user_id']);
+ $this->assertEquals('Admin', $user['username']);
+ }
+
+ public function test_load_get_unloaded()
+ {
+ $this->user_loader->load_users(array(2));
+
+ $user = $this->user_loader->get_user(3);
+ $this->assertFalse($user);
+
+ $user = $this->user_loader->get_user(3, true);
+ $this->assertEquals(3, $user['user_id']);
+ $this->assertEquals('Test', $user['username']);
+ }
+
+ public function test_load_get_invalid()
+ {
+ $this->user_loader->load_users(array(2));
+
+ $user = $this->user_loader->get_user(9);
+ $this->assertFalse($user);
+
+ $user = $this->user_loader->get_user(3, true);
+ $this->assertEquals(3, $user['user_id']);
+ $this->assertEquals('Test', $user['username']);
+ }
+
+ public function test_load_get_invalid_query()
+ {
+ $this->user_loader->load_users(array(2));
+
+ $user = $this->user_loader->get_user(9, true);
+ $this->assertFalse($user);
+
+ $user = $this->user_loader->get_user(3, true);
+ $this->assertEquals(3, $user['user_id']);
+ $this->assertEquals('Test', $user['username']);
+ }
+
+ public function test_load_user_by_username()
+ {
+ $user_id =
$this->user_loader->load_user_by_username('Test');
+ $user = $this->user_loader->get_user($user_id);
+ $this->assertEquals(3, $user['user_id']);
+ $this->assertEquals('Test', $user['username']);
+ }
+}
diff --git a/tests/user/user_loader_test.php b/tests/user/user_loader_test.php
index dd00d6eb06..1d915823b7 100644
--- a/tests/user/user_loader_test.php
+++ b/tests/user/user_loader_test.php
@@ -55,6 +55,32 @@ class phpbb_user_loader_test extends phpbb_database_test_case
 $this->assertEquals('Test', $user['username']);
 }
+ public function test_load_get_invalid()
+ {
+ $this->user_loader->load_users(array(2));
+
+ $user = $this->user_loader->get_user(9);
+ $this->assertEquals(1, $user['user_id']);
+ $this->assertEquals('Guest', $user['username']);
+
+ $user = $this->user_loader->get_user(3, true);
+ $this->assertEquals(3, $user['user_id']);
+ $this->assertEquals('Test', $user['username']);
+ }
+
+ public function test_load_get_invalid_query()
+ {
+ $this->user_loader->load_users(array(2));
+
+ $user = $this->user_loader->get_user(9, true);
+ $this->assertEquals(1, $user['user_id']);
+ $this->assertEquals('Guest', $user['username']);
+
+ $user = $this->user_loader->get_user(3, true);
+ $this->assertEquals(3, $user['user_id']);
+ $this->assertEquals('Test', $user['username']);
+ }
+
 public function test_load_user_by_username()
 {
 $user_id = $this->user_loader->load_user_by_username('Test');