mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-30 21:40:43 +02:00
Code Issues Releases Wiki Activity

do not validate username when disallowing it. ;) - #1220

Browse Source 
git-svn-id: file:///svn/phpbb/trunk@5694 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen
2006-03-22 10:17:48 +00:00
parent 95e7b12706
commit b206d63c51
2 changed files with 11 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
phpBB/includes/acp/acp_disallow.php
View File

@@ -34,17 +34,18 @@ class acp_disallow
if ($disallow)
{
$disallowed_user = str_replace('*', '%', request_var('disallowed_user', ''));
$message = validate_username($disallowed_user);
if (!$message)
if (!$disallowed_user)
{
$sql = 'INSERT INTO ' . DISALLOW_TABLE . ' ' . $db->sql_build_array('INSERT', array('disallow_username' => $disallowed_user));
$db->sql_query($sql);
$message = $user->lang['DISALLOW_SUCCESSFUL'];
add_log('admin', 'LOG_DISALLOW_ADD', str_replace('%', '*', $disallowed_user));
trigger_error($user->lang['NO_USERNAME_SPECIFIED'] . adm_back_link($this->u_action));
}
$sql = 'INSERT INTO ' . DISALLOW_TABLE . ' ' . $db->sql_build_array('INSERT', array('disallow_username' => $disallowed_user));
$db->sql_query($sql);
$message = $user->lang['DISALLOW_SUCCESSFUL'];
add_log('admin', 'LOG_DISALLOW_ADD', str_replace('%', '*', $disallowed_user));
trigger_error($message . adm_back_link($this->u_action));
}
else if ($allow)
@@ -53,7 +54,7 @@ class acp_disallow
if (!$disallowed_id)
{
trigger_error($user->lang['NO_USER'] . adm_back_link($this->u_action));
trigger_error($user->lang['NO_USERNAME_SPECIFIED'] . adm_back_link($this->u_action));
}
$sql = 'DELETE FROM ' . DISALLOW_TABLE . "