From b97d430783c66b1b0170ce3b3144a52d571fe247 Mon Sep 17 00:00:00 2001
From: V3ndetta
Date: Thu, 22 Oct 2020 08:47:45 +0200
Subject: [PATCH] Removed ability to edit Anonymous Users DB-Entry to prevent change of Userlvl or screwing other things up.
---
 src/psm/Module/User/Controller/UserController.php | 2 +-
 src/psm/Service/Database.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/psm/Module/User/Controller/UserController.php b/src/psm/Module/User/Controller/UserController.php
index 91f0e423..f6b225e0 100644
--- a/src/psm/Module/User/Controller/UserController.php
+++ b/src/psm/Module/User/Controller/UserController.php
@@ -102,7 +102,7 @@ class UserController extends AbstractController
 $users = $this->db->select(
 PSM_DB_PREFIX . 'users',
- null,
+ 'user_id > 0',
 array('user_id', 'user_name', 'level', 'name', 'mobile', 'email'),
 null,
 array('name')
diff --git a/src/psm/Service/Database.php b/src/psm/Service/Database.php
index 5d69dd55..d8d04cf9 100644
--- a/src/psm/Service/Database.php
+++ b/src/psm/Service/Database.php
@@ -435,7 +435,7 @@ class Database
 }
 $query = substr($query, 0, -5);
 } else {
- if (strpos($where, '=') === false) {
+ if ((strpos($where, '=') === false ) && (strpos($where, '>') === false) && (strpos($where, '<') === false)) {
 // no field given, use primary field
 $primary = $this->getPrimary($table);
 $query .= " WHERE `{$table}`.`{$primary}`={$this->quote($where)}";
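Review bot: The `'user_id > 0'` condition added to the `select()` call only keeps the anonymous row out of the list this query feeds; nothing in the hunk stops a request that names that id directly from reaching the edit, save or delete paths, which lie outside the hunk. If the aim stated in the commit subject is that the anonymous entry cannot be changed, those handlers should reject a non-positive id on the server side before they touch the table. The literal also deserves a comment at the call, for example `// user_id 0 is the anonymous account (per this commit); keep it out of the management list`, so a later reader does not mistake it for a redundant sanity check and remove it.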
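Review bot: Widening the operator check in the `else` branch to `>` and `<` enlarges the set of string `$where` values that skip the `$this->quote($where)` path; the branch taken when an operator is found is outside the hunk, but it presumably places the string into the query as written. A caller that passes a request-derived scalar here, expecting a quoted primary-key lookup, now depends on that value containing none of three characters, which is a fragile boundary between data and SQL. I would restrict string conditions to hard-coded literals and say so at the branch, `// a string $where containing =, > or < is used as raw SQL: pass literals only, never request data`, and in the longer term let callers state which form they pass instead of inferring it from the content. Minor style point: `=== false )` has a stray space before the closing parenthesis.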