User module: Check if dialog was found (#1117)

* Check if c_id is numeric.
* Don't try to create a new dialog with a user that doesn't exist

application/modules/user/controllers/Panel.php

@@ -420,8 +420,20 @@ public function dialogAction()
         $c_id = $this->getRequest()->getParam('id');
 
         if ($c_id) {
+            if (!is_numeric($c_id)) {
+                $this->redirect()
+                    ->withMessage('dialogNotExisting', 'danger')
+                    ->to(['action' => 'dialog']);
+            }
+
             $user = $dialogMapper->getDialogCheckByCId($c_id);
 
+            if (!$user) {
+                $this->redirect()
+                    ->withMessage('dialogNotExisting', 'danger')
+                    ->to(['action' => 'dialog']);
+            }
+
             if ($this->getUser()->getId() != $user->getUserTwo()) {
                 $user_one = $user->getUserTwo();
                 $user_two = $user->getUserOne();
@@ -539,25 +551,33 @@ public function dialognewAction()
     {
         $DialogMapper = new DialogMapper();
         $ilchdate = new IlchDate();
+        $userMapper = new UserMapper();
 
         $user_one = $this->getUser()->getId();
         $user_two = $this->getRequest()->getParam('id');
 
-        if ($user_one != $user_two) {
+        if ($user_two && is_numeric($user_two) && ($user_one != $user_two)) {
             $c_exist = $DialogMapper->getDialogCheck($user_one, $user_two);
-            if ($c_exist == null) {
-                $model = new DialogModel();
-                $model->setUserOne($user_one)
-                    ->setUserTwo($user_two)
-                    ->setTime($ilchdate->toDb());
-                $DialogMapper->save($model);
-
-                $c_id = $DialogMapper->getDialogId($user_one);
-                $this->redirect(['action' => 'dialog', 'id' => $c_id->getCId()]);
-            }
 
-            $this->redirect(['action' => 'dialog', 'id' => $c_exist->getCId()]);
+            if (!$c_exist) {
+                if ($userMapper->userWithIdExists($user_two)) {
+                    $model = new DialogModel();
+                    $model->setUserOne($user_one)
+                        ->setUserTwo($user_two)
+                        ->setTime($ilchdate->toDb());
+                    $DialogMapper->save($model);
+
+                    $c_id = $DialogMapper->getDialogId($user_one);
+                    $this->redirect(['action' => 'dialog', 'id' => $c_id->getCId()]);
+                }
+            } else {
+                $this->redirect(['action' => 'dialog', 'id' => $c_exist->getCId()]);
+            }
         }
+
+        $this->redirect()
+            ->withMessage('userNotFound', 'danger')
+            ->to(['action' => 'dialog']);
     }
 
     public function galleryAction()

application/modules/user/translations/de.php

@@ -220,6 +220,7 @@
     'dialogsHidden' => 'Einige Dialoge sind ausgeblendet. Hier klicken um sie anzuzeigen.',
     'deleteDialogConfirm' => 'Soll der Dialog wirklich gelöscht werden?',
     'noDialog' => 'Keine Nachrichten vorhanden.',
+    'dialogNotExisting' => 'Dialog existiert nicht.',
     'menuPanel' => 'User Panel',
     'menuSetting' => 'Einstellung',
     'menuSettingsAvatar' => 'Avatar',

application/modules/user/translations/en.php

@@ -219,7 +219,8 @@
     'unhideDialogSuccess' => 'Dialog unhidden.',
     'dialogsHidden' => 'Some dialogs are hidden. Click here to show them.',
     'deleteDialogConfirm' => 'Delete this conversation?',
-    'noDialog' => 'No Messages available.',
+    'noDialog' => 'No messages available.',
+    'dialogNotExisting' => 'Dialog doesn\'t exist.',
     'menuPanel' => 'User Panel',
     'menuSetting' => 'Setting',
     'menuSettingsAvatar' => 'Avatar',