From 64c34b2c0af2857e95282456a53e9ea019feb583 Mon Sep 17 00:00:00 2001
From: David Goodwin <david@codepoets.co.uk>
Date: Mon, 5 Feb 2024 20:30:31 +0000
Subject: [PATCH] fix deletion of app password - see #800

---
 public/users/app-passwords.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/public/users/app-passwords.php b/public/users/app-passwords.php
index 1214c800..fed8c497 100644
--- a/public/users/app-passwords.php
+++ b/public/users/app-passwords.php
@@ -126,9 +126,9 @@ function revokeAppPassword(string $username, int $fAppId, array $PALANG)
 {
     // $username should be from $_SESSION and not modifiable by the end user
     // we don't want someone to be able to delete someone else's app password by guessing an id...
-    $rows = db_query('SELECT id FROM mailbox_app_password WHERE id = :id AND username = :username', ['username' => $username, 'id' => $fAppId]);
-    if (!empty($rows)) {
-        $result = db_delete('mailbox_app_password', 'id', $rows[0]['id']);
+    $row = db_query_one('SELECT id FROM mailbox_app_password WHERE id = :id AND username = :username', ['username' => $username, 'id' => $fAppId]);
+    if (is_array($row) && isset($row['id'])) {
+        $result = db_delete('mailbox_app_password', 'id', $row['id']);
         if ($result == 1) {
             flash_info($PALANG['pTotp_exceptions_revoked']);
             return;