mirror of
https://github.com/phpbb/phpbb.git
synced 2025-07-28 04:20:32 +02:00
[ticket/9650] Do not allow banning the anonymous user by username
Banning anonymous can result in bad things, like not being able to log in. However, it was possible until now. PHPBB3-9650
This commit is contained in:
@@ -837,14 +837,15 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
|
||||
FROM ' . USERS_TABLE . '
|
||||
WHERE ' . $db->sql_in_set('username_clean', $sql_usernames);
|
||||
|
||||
// Do not allow banning yourself
|
||||
// Do not allow banning yourself, the guest account, or founders.
|
||||
$non_bannable = array($user->data['user_id'], ANONYMOUS);
|
||||
if (sizeof($founder))
|
||||
{
|
||||
$sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), array($user->data['user_id'])), true);
|
||||
$sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), $non_bannable), true);
|
||||
}
|
||||
else
|
||||
{
|
||||
$sql .= ' AND user_id <> ' . $user->data['user_id'];
|
||||
$sql .= ' AND ' . $db->sql_in_set('user_id', $non_bannable, true);
|
||||
}
|
||||
|
||||
$result = $db->sql_query($sql);
|
||||
|
Reference in New Issue
Block a user