From 037d65c13cbdd0e1ec1767b701d305a0d2e6d7cb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sven=20Sch=C3=BCring?= <ssch@zenmotion.de>
Date: Thu, 28 Oct 2021 17:08:01 +0200
Subject: [PATCH] Add more stricter user existence condition instead of strpos
 checks

---
 includes/AdminClass.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/includes/AdminClass.php b/includes/AdminClass.php
index 98b4a4e..84122bb 100644
--- a/includes/AdminClass.php
+++ b/includes/AdminClass.php
@@ -483,7 +483,8 @@ function add_user_to_group($userid, $gid) {
         $query = sprintf($format, $this->config['field_members'], $this->config['table_groups'], $this->config['field_gid'], $gid);
         $result = $this->dbConn->get_var($query);
         if ($result != "") {
-            if(strpos($result, $userid) !== false) {
+            $resultMembers = explode(',', $result);
+            if(in_array($userid, $resultMembers, true)) {
                 return true;
             } else {
                 $members = $result.','.$userid;
@@ -510,7 +511,8 @@ function remove_user_from_group($userid, $gid) {
         $format = 'SELECT %s FROM %s WHERE %s="%s"';
         $query = sprintf($format, $this->config['field_members'], $this->config['table_groups'], $this->config['field_gid'], $gid);
         $result = $this->dbConn->get_var($query);
-        if(strpos($result, $userid) === false) {
+        $resultMembers = explode(',', $result);
+        if(!in_array($userid, $resultMembers, true)) {
             return true;
         }
         $members_array = explode(",", $result);