1
0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-28 04:20:32 +02:00

[ticket/9650] Do not allow banning the anonymous user by username

Banning anonymous can result in bad things, like not being able to log in.  However, it was possible until now.

PHPBB3-9650
This commit is contained in:
Josh Woody
2010-07-05 22:22:25 -05:00
parent b7ae0fe4e9
commit ae967d16f1
3 changed files with 10 additions and 3 deletions

View File

@@ -837,14 +837,15 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
FROM ' . USERS_TABLE . '
WHERE ' . $db->sql_in_set('username_clean', $sql_usernames);
// Do not allow banning yourself
// Do not allow banning yourself, the guest account, or founders.
$non_bannable = array($user->data['user_id'], ANONYMOUS);
if (sizeof($founder))
{
$sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), array($user->data['user_id'])), true);
$sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), $non_bannable), true);
}
else
{
$sql .= ' AND user_id <> ' . $user->data['user_id'];
$sql .= ' AND ' . $db->sql_in_set('user_id', $non_bannable, true);
}
$result = $db->sql_query($sql);