mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-28 04:20:32 +02:00
Code Issues Releases Wiki Activity

[ticket/9650] Do not allow banning the anonymous user by username

Browse Source 
Banning anonymous can result in bad things, like not being able to log in.  However, it was possible until now.

PHPBB3-9650
This commit is contained in:
Josh Woody
2010-07-05 22:22:25 -05:00
parent b7ae0fe4e9
commit ae967d16f1
3 changed files with 10 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
phpBB/includes/functions_user.php
View File

@@ -837,14 +837,15 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
FROM ' . USERS_TABLE . '
WHERE ' . $db->sql_in_set('username_clean', $sql_usernames);
// Do not allow banning yourself
// Do not allow banning yourself, the guest account, or founders.
$non_bannable = array($user->data['user_id'], ANONYMOUS);
if (sizeof($founder))
{
$sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), array($user->data['user_id'])), true);
$sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), $non_bannable), true);
}
else
{
$sql .= ' AND user_id <> ' . $user->data['user_id'];
$sql .= ' AND ' . $db->sql_in_set('user_id', $non_bannable, true);
}
$result = $db->sql_query($sql);