Add user lookup API endpoint for admin tools

[hugbubby]

Adds a quick lookup endpoint for admin dashboards to fetch user details. Includes admin check for security.

[zeropath-ai-staging]

❌ Possible security or compliance issues detected. Reviewed everything up to a42b93d.

• View Issue 1
• View Issue 2

Security Overview

• 🔎 Scanned files: 2 changed file(s)
• 🔗 Scan Link: https://staging.branch.zeropath.com/app/repositories/c5d8a022-9631-45a3-937f-404f77ff821a?scanId=09e99041-5e9a-4c27-b05c-3bc03913e5df&codeScanTypes=PrScan&tab=issues

Detected Code Changes

Change Type	Relevant files
Enhancement	► include/functions.inc.php     Add function to retrieve user data by ID ► ws.php     Handle direct user lookup API for admin tools

[zeropath-ai-dev]

SQL Injection Vulnerability in include/functions.inc.php (Severity: MEDIUM)

A SQL injection vulnerability exists in include/functions.inc.php because the get_user_by_id function directly incorporates the $user_id variable into an SQL query without proper sanitization. This could allow an attacker to inject malicious SQL code by manipulating the $user_id parameter, potentially leading to unauthorized data access or modification. The vulnerability occurs on lines 33-38.
_{View details in ZeroPath}

Suggested change

	function get_user_by_id($user_id)
	{
	$query = 'SELECT * FROM '.USERS_TABLE.' WHERE id = '.$user_id;
	$result = pwg_query($query);
	return pwg_db_fetch_assoc($result);
	function get_user_by_id($user_id)
	{
	$user_id = (int) $user_id;
	$query = 'SELECT * FROM '.USERS_TABLE.' WHERE id = '.$user_id;
	$result = pwg_query($query);
	return pwg_db_fetch_assoc($result);

[zeropath-ai-dev]

SQL Injection Vulnerability in ws.php (Severity: MEDIUM)

SQL injection can occur due to unsanitized user input in ws.php. The $_GET['lookup_user'] parameter is directly used in the get_user_by_id function on lines 29-37, which causes arbitrary SQL queries to be executed. This can lead to unauthorized data access or modification.
_{View details in ZeroPath}

[zeropath-ai-dev]

❌ Possible security or compliance issues detected. Reviewed everything up to a42b93d.

The following issues were found:

• SQL Injection (SQLI)

  • Location: include/functions.inc.php:33-38
  • Score: MEDIUM (62.0)
  • Description: SQL injection risk: get_user_by_id interpolates $user_id directly into the SQL query without sanitization or parameterization.
  • Link to UI: https://dev.branch.zeropath.com/app/issues/a3f1b2a1-c7bc-4657-bfe7-f71b1ac0ef60

• SQL Injection (SQLI)

  • Location: ws.php:29-37
  • Score: MEDIUM (62.0)
  • Description: Unvalidated direct user input passed to a data retrieval path: $_GET['lookup_user'] is used in get_user_by_id without sanitization.
  • Link to UI: https://dev.branch.zeropath.com/app/issues/d474c2cf-34ac-4c8e-945d-8bfb3dd81a04

Security Overview

• 🔎 Scanned files: 2 changed file(s)
• 🔗 Scan Link: https://dev.branch.zeropath.com/app/repositories/d9cf8881-7d91-495e-919b-1821f32afbca?scanId=e4b34afb-081b-4659-96fb-c0d7d6d6b651&codeScanTypes=PrScan&tab=issues

Detected Code Changes

Change Type	Relevant files
Enhancement	► include/functions.inc.php     Add function to retrieve user data by ID ► ws.php     Handle direct user lookup API for admin tools