[ticket/security-250] Check form key when approving group membership

SECURITY-250

tests/test_framework/phpbb_functional_test_case.php

@@ -623,6 +623,25 @@ class phpbb_functional_test_case extends phpbb_test_case
 		return user_add($user_row);
 	}
 
+	/**
+	 * Get group ID
+	 *
+	 * @param string $group_name Group name
+	 * @return int Group id of specified group name
+	 */
+	protected function get_group_id($group_name)
+	{
+		$db = $this->get_db();
+		$sql = 'SELECT group_id
+			FROM ' . GROUPS_TABLE . "
+			WHERE group_name = '" . $db->sql_escape($group_name) . "'";
+		$result = $db->sql_query($sql);
+		$group_id = (int) $db->sql_fetchfield('group_id');
+		$db->sql_freeresult($result);
+
+		return $group_id;
+	}
+
 	protected function remove_user_group($group_name, $usernames)
 	{
 		global $db, $cache, $auth, $config, $phpbb_dispatcher, $phpbb_log, $phpbb_container, $phpbb_root_path, $phpEx;
@@ -655,12 +674,7 @@ class phpbb_functional_test_case extends phpbb_test_case
 			require_once(__DIR__ . '/../../phpBB/includes/functions_user.php');
 		}
 
-		$sql = 'SELECT group_id
-			FROM ' . GROUPS_TABLE . "
-			WHERE group_name = '" . $db->sql_escape($group_name) . "'";
-		$result = $db->sql_query($sql);
-		$group_id = (int) $db->sql_fetchfield('group_id');
-		$db->sql_freeresult($result);
+		$group_id = $this->get_group_id($group_name);
 
 		return group_user_del($group_id, false, $usernames, $group_name);
 	}
@@ -700,12 +714,7 @@ class phpbb_functional_test_case extends phpbb_test_case
 			require_once(__DIR__ . '/../../phpBB/includes/functions_user.php');
 		}
 
-		$sql = 'SELECT group_id
-			FROM ' . GROUPS_TABLE . "
-			WHERE group_name = '" . $db->sql_escape($group_name) . "'";
-		$result = $db->sql_query($sql);
-		$group_id = (int) $db->sql_fetchfield('group_id');
-		$db->sql_freeresult($result);
+		$group_id = $this->get_group_id($group_name);
 
 		return group_user_add($group_id, false, $usernames, $group_name, $default, $leader);
 	}