From 648a282fa5eca28a1d492e706e70faa3951b208a Mon Sep 17 00:00:00 2001
From: Roly Gutierrez <roly.gutierrez@processmaker.com>
Date: Thu, 2 Feb 2023 11:57:39 -0400
Subject: [PATCH] PMCORE-4046 User Enumeration

---
 .../engine/content/translations/english/processmaker.en.po  | 6 ++++++
 workflow/engine/data/mysql/insert.sql                       | 1 +
 workflow/engine/methods/users/usersAjax.php                 | 3 +--
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/workflow/engine/content/translations/english/processmaker.en.po b/workflow/engine/content/translations/english/processmaker.en.po
index 9723384c4..0cdb8c02b 100755
--- a/workflow/engine/content/translations/english/processmaker.en.po
+++ b/workflow/engine/content/translations/english/processmaker.en.po
@@ -10955,6 +10955,12 @@ msgstr "The following start hours rows are invalid:"
 msgid "Invalid trigger '{TRIGGER_INDEX}'"
 msgstr "Invalid trigger '{TRIGGER_INDEX}'"
 
+# TRANSLATION
+# LABEL/ID_INVALID_USERNAME
+#: LABEL/ID_INVALID_USERNAME
+msgid "Invalid username"
+msgstr "Invalid username"
+
 # TRANSLATION
 # LABEL/ID_INVALID_VALUE
 #: LABEL/ID_INVALID_VALUE
diff --git a/workflow/engine/data/mysql/insert.sql b/workflow/engine/data/mysql/insert.sql
index 8bb2549d7..5f2b47a47 100755
--- a/workflow/engine/data/mysql/insert.sql
+++ b/workflow/engine/data/mysql/insert.sql
@@ -58690,6 +58690,7 @@ INSERT INTO TRANSLATION (TRN_CATEGORY,TRN_ID,TRN_LANG,TRN_VALUE,TRN_UPDATE_DATE
 ( 'LABEL','ID_INVALID_START_HOURS','en','The following start hours rows are invalid:','2014-01-15') ,
 ( 'LABEL','ID_INVALID_STARTING_TIME','en','Starting time','2014-01-15') ,
 ( 'LABEL','ID_INVALID_TRIGGER','en','Invalid trigger ''{TRIGGER_INDEX}''','2014-01-15') ,
+( 'LABEL','ID_INVALID_USERNAME','en','Invalid username','2023-02-02') ,
 ( 'LABEL','ID_INVALID_VALUE','en','Invalid value for "{0}".','2014-05-20') ,
 ( 'LABEL','ID_INVALID_VALUE_ARRAY','en','Invalid value for ''{0}''. It must be an array.','2014-10-21') ,
 ( 'LABEL','ID_INVALID_VALUE_BOOLEAN','en','Invalid value for ''{0}''. It must be a boolean.','2014-10-21') ,
diff --git a/workflow/engine/methods/users/usersAjax.php b/workflow/engine/methods/users/usersAjax.php
index 4afde1594..e0a4c31bb 100755
--- a/workflow/engine/methods/users/usersAjax.php
+++ b/workflow/engine/methods/users/usersAjax.php
@@ -469,8 +469,7 @@ try {
             if (is_array($row) || $_POST['NEW_USERNAME'] == '') {
                 $color = 'red';
                 $img = '/images/delete.png';
-                $dataVar = ['USER_ID' => $_POST['NEW_USERNAME']];
-                $text = G::LoadTranslation('ID_USERNAME_ALREADY_EXISTS', $dataVar);
+                $text = G::LoadTranslation('ID_INVALID_USERNAME');
                 $text = ($_POST['NEW_USERNAME'] == '') ? G::LoadTranslation('ID_MSG_ERROR_USR_USERNAME') : $text;
                 $response['exists'] = true;
             } else {