diff --git a/modules/comment/comment.module b/modules/comment/comment.module
index 2cc44455c4b2af0d8e689480ce3efce1287dd93e..222164351e0f5cc0bc450e24111f26e84e4fcdd3 100644
--- a/modules/comment/comment.module
+++ b/modules/comment/comment.module
@@ -1652,7 +1652,13 @@ function comment_controls_submit($form, &$form_state) {
   $comments_per_page = $form_state['values']['comments_per_page'];
   if ($user->uid) {
-    $user = user_save($user, array('mode' => $mode, 'sort' => $order, 'comments_per_page' => $comments_per_page));
+    $account = user_save($user, array('mode' => $mode, 'sort' => $order, 'comments_per_page' => $comments_per_page));
+    // Terminate if an error occured during user_save().
+    if (!$account) {
+      drupal_set_message(t("Error saving user account."), 'error');
+      return;
+    }
+    $user = $account;
   }
   else {
     $_SESSION['comment_mode'] = $mode;
diff --git a/modules/openid/openid.module b/modules/openid/openid.module
index 7e7114caa36b24fa62b1fc3ba3f2038f5e8b31d9..4339d03392541f528453226cdafbdde5891ac9e9 100644
--- a/modules/openid/openid.module
+++ b/modules/openid/openid.module
@@ -393,6 +393,11 @@ function openid_authentication($response) {
   else {
     unset($form_state['values']['response']);
     $account = user_save('', $form_state['values']);
+    // Terminate if an error occured during user_save().
+    if (!$account) {
+      drupal_set_message(t("Error saving user account."), 'error');
+      drupal_goto();
+    }
     user_external_login($account);
   }
   drupal_redirect_form($form, $form_state['redirect']);
diff --git a/modules/user/user.module b/modules/user/user.module
index aca41f8388dca344b3926d283b12509b424da71a..b31dce5cda36ee009438a809616fbfb4fb80eea6 100644
--- a/modules/user/user.module
+++ b/modules/user/user.module
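Review bot: The failure block added in comment_controls_submit (`// Terminate if an error occured ...` through `$user = $account;`) is copied almost verbatim into openid_authentication, user_external_login_register and user_register_submit, and the misspelling is copied with it; the comment should read `// Terminate if an error occurred during user_save().` at all four sites. The message string interpolates nothing, so Drupal's coding standard would have it single-quoted: `drupal_set_message(t('Error saving user account.'), 'error');`. comment_controls_submit starts outside the hunk.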
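Review bot: In openid_authentication a failed user_save() after an already-verified OpenID assertion is surfaced only through drupal_set_message() before `drupal_goto()`; nothing is written to the watchdog log, whereas the success paths in user_external_login_register and user_register_submit do log each new account. An operator looking at a run of failed account creations would therefore have nothing to correlate unless the database layer logs the failed query on its own, which is not visible here. A log entry before the redirect would close that gap, e.g. `watchdog('openid', 'Account creation failed after a verified OpenID login.', array(), WATCHDOG_ERROR);`, and the same applies to the failure paths added in comment_controls_submit, user_external_login_register and user_register_submit. openid_authentication starts outside the hunk.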
@@ -200,6 +200,9 @@ function user_load($array = array()) {
  *
  * @param $category
  *   (optional) The category for storing profile information in.
+ *
+ * @return
+ *   A fully-loaded $user object upon successful save or FALSE if the save failed.
  */
 function user_save($account, $array = array(), $category = 'account') {
   // Dynamically compose a SQL query:
@@ -238,7 +241,11 @@ function user_save($account, $array = array(), $category = 'account') {
     $query .= "data = '%s' ";
     $v[] = serialize($data);
-    db_query("UPDATE {users} SET $query WHERE uid = %d", array_merge($v, array($account->uid)));
+    $success = db_query("UPDATE {users} SET $query WHERE uid = %d", array_merge($v, array($account->uid)));
+    if (!$success) {
+      // The query failed - better to abort the save than risk further data loss.
+      return FALSE;
+    }
     // Reload user roles if provided
     if (isset($array['roles']) && is_array($array['roles'])) {
@@ -311,10 +318,15 @@ function user_save($account, $array = array(), $category = 'account') {
         break;
       }
     }
-    db_query('INSERT INTO {users} ('. implode(', ', $fields) .') VALUES ('. implode(', ', $s) .')', $values);
-    $array['uid'] = db_last_insert_id('users', 'uid');
-
+    $success = db_query('INSERT INTO {users} ('. implode(', ', $fields) .') VALUES ('. implode(', ', $s) .')', $values);
+    if (!$success) {
+      // On a failed INSERT some other existing user's uid may be returned. We
+      // must abort to avoid overwirting their account.
+      return FALSE;
+    }
+    // Build the initial user object.
+    $array['uid'] = db_last_insert_id('users', 'uid');
     $user = user_load(array('uid' => $array['uid']));
     user_module_invoke('insert', $array, $user, $category);
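Review bot: Returning FALSE from user_save() in the UPDATE hunk (-238) and the INSERT hunk (-311) changes a contract every existing caller relied on: a call site written as `$user = user_save($user, ...)` now assigns FALSE to the global user when the query fails, and the next `$user->uid` access breaks. This commit patches four callers, but any other user_save() call in core or in contributed modules is not visible in this diff, so they need auditing before this lands. The new `@return` text at -200 would help that audit if it stated the obligation outright, e.g. `Callers must check the return value; on FALSE nothing was written to {users}.`. The INSERT-path comment also misspells `overwirting`. user_save() continues outside both hunks.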
@@ -1361,7 +1373,13 @@ function user_external_login_register($name, $module) {
   if (!isset($user->uid)) {
     // Register this new user.
     $userinfo = array('name' => $name, 'pass' => user_password(), 'init' => $name, 'status' => 1, "authname_$module" => $name);
-    $user = user_save('', $userinfo);
+    $account = user_save('', $userinfo);
+    // Terminate if an error occured during user_save().
+    if (!$account) {
+      drupal_set_message(t("Error saving user account."), 'error');
+      return;
+    }
+    $user = $account;
     watchdog('user', 'New external user: %name using module %module.', array('%name' => $name, '%module' => $module), WATCHDOG_NOTICE, l(t('edit'), 'user/'. $user->uid .'/edit'));
   }
 }
@@ -2207,6 +2225,12 @@ function user_register_submit($form, &$form_state) {
     $merge_data['status'] = variable_get('user_register', 1) == 1;
   }
   $account = user_save('', array_merge($form_state['values'], $merge_data));
+  // Terminate if an error occured during user_save().
+  if (!$account) {
+    drupal_set_message(t("Error saving user account."), 'error');
+    $form_state['redirect'] = '';
+    return;
+  }
   $form_state['user'] = $account;
   watchdog('user', 'New user: %name (%email).', array('%name' => $name, '%email' => $mail), WATCHDOG_NOTICE, l(t('edit'), 'user/'. $account->uid .'/edit'));
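Review bot: In user_register_submit (hunk at -2207) the failure path sets `$form_state['redirect'] = ''` before returning; depending on how drupal_redirect_form() treats an empty-string redirect, that may send the user to the front page rather than back to the registration form they were filling in. If the intent is to let them retry, leaving `$form_state['redirect']` untouched (the form API normally returns to the current path) or pointing it at the registration form's path seems closer, but confirm against drupal_redirect_form() before changing it. In user_external_login_register (hunk at -1361) the bare `return` leaves the global `$user` as it was on entry, which is the safe outcome, but its callers presumably tell success from failure only by inspecting `$user->uid` afterwards, so their behaviour on this new path should be checked as well. Both enclosing functions start outside their hunks.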