From 6115d90cbfdc2469d0015cddd133decdb5692068 Mon Sep 17 00:00:00 2001
From: Andrew McMillan
Date: Sat, 11 Sep 2010 22:50:29 +1200
Subject: [PATCH] [principal edit] Ensure the id is > 0 for us to fetch the record.

As well as causing an unsightly SQL error in the logs this was actually crashing PHP in some cases.

Also we don't delete the row unless the ID is > 1, to avoid deleting the admin user by accident.
---
 inc/ui/principal-edit.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/inc/ui/principal-edit.php b/inc/ui/principal-edit.php
index 293d696b..d471da2d 100644
--- a/inc/ui/principal-edit.php
+++ b/inc/ui/principal-edit.php
@@ -57,7 +57,7 @@ function handle_subaction( $subaction ) {
 case 'delete_principal':
 dbg_error_log('admin-principal-edit',':handle_action: Deleting principal %d', $id );
 if ( $session->AllowedTo('Admin') ) {
- if ( $session->CheckConfirmationHash('GET', 'confirm') ) {
+ if ( isset($id) && $id > 1 && $session->CheckConfirmationHash('GET', 'confirm') ) {
 dbg_error_log('admin-principal-edit',':handle_action: Allowed to delete principal %d -%s', $id, $editor->Value('username') );
 $qry = new AwlQuery('DELETE FROM dav_principal WHERE principal_id=?', $id );
 if ( $qry->Exec() ) {
@@ -182,7 +182,7 @@ if ( $can_write_principal && $editor->IsSubmit() ) {
 $qry->Exec('admin-principal-edit');
 }
 }
-else {
+else if ( isset($id) && $id > 0 ) {
 $editor->GetRecord();
 if ( $editor->IsSubmit() ) {
 $c->messages[] = i18n('You do not have permission to modify this record.');
@@ -397,7 +397,7 @@ if ( isset($delete_principal_confirmation_required) ) {
 }
 
 
-if ( isset($id) ) {
+if ( isset($id) && $id > 0 ) {
 $browser = new Browser(translate('Group Memberships'));
 $c->stylesheets[] = 'css/browse.css';
 $c->scripts[] = 'js/browse.js';
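Review bot: The `$id > 1` in the added condition encodes the assumption that principal_id 1 is the admin account as a bare magic number, with the commit message as its only explanation; the line wants a comment such as `// principal_id 1 is the built-in admin account: never delete it through this form`. Guarding one row by its number does not protect any other administrator, so refusing to delete the principal the current session belongs to would be a useful complement — confirm which `$session` field carries that before adding it. The same `isset($id) && $id > N` test recurs in the second and third hunks, and the place where `$id` is read is not in the hunk; if it is still the raw request string there, `$id > 0` is a loose numeric comparison, so coercing it once with `(int)` at the point it is read and deriving a single `$valid_id = isset($id) && $id > 0;` for the three sites would keep them exact and in step. `handle_subaction` begins before the hunk and continues past it.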
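Review bot: A request with no usable `$id` now falls through both branches, so `$editor->GetRecord()` is never called and nothing reports the problem to the user; whatever renders `$editor` after this block (outside the hunk) then runs on an editor with no record loaded. A final `else { $c->messages[] = i18n('No principal selected.'); }` (message wording constructed — match the page's existing messages) would make that case explicit instead of silent. The new `else if` is a point of style only: `elseif` is the PSR-12 spelling. The enclosing `if ( $can_write_principal && $editor->IsSubmit() )` begins before the hunk.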