diff options
author | Josh Woody <a_jelly_doughnut@phpbb.com> | 2010-07-05 22:22:25 -0500 |
---|---|---|
committer | Josh Woody <a_jelly_doughnut@phpbb.com> | 2010-07-08 13:24:45 -0500 |
commit | ae967d16f1ad584d7e03b4466e6cc3d1d067dea6 (patch) | |
tree | d7538d8995facd4f96b462be90ab515f27be8040 /phpBB/includes/functions_user.php | |
parent | b7ae0fe4e91be1f7dc1d38d2c3c1e5b043d95739 (diff) | |
download | forums-ae967d16f1ad584d7e03b4466e6cc3d1d067dea6.tar forums-ae967d16f1ad584d7e03b4466e6cc3d1d067dea6.tar.gz forums-ae967d16f1ad584d7e03b4466e6cc3d1d067dea6.tar.bz2 forums-ae967d16f1ad584d7e03b4466e6cc3d1d067dea6.tar.xz forums-ae967d16f1ad584d7e03b4466e6cc3d1d067dea6.zip |
[ticket/9650] Do not allow banning the anonymous user by username
Banning anonymous can result in bad things, like not being able to log in. However, it was possible until now.
PHPBB3-9650
Diffstat (limited to 'phpBB/includes/functions_user.php')
-rw-r--r-- | phpBB/includes/functions_user.php | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php index 271542efdd..8d2fa14a4b 100644 --- a/phpBB/includes/functions_user.php +++ b/phpBB/includes/functions_user.php @@ -837,14 +837,15 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas FROM ' . USERS_TABLE . ' WHERE ' . $db->sql_in_set('username_clean', $sql_usernames); - // Do not allow banning yourself + // Do not allow banning yourself, the guest account, or founders. + $non_bannable = array($user->data['user_id'], ANONYMOUS); if (sizeof($founder)) { - $sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), array($user->data['user_id'])), true); + $sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), $non_bannable), true); } else { - $sql .= ' AND user_id <> ' . $user->data['user_id']; + $sql .= ' AND ' . $db->sql_in_set('user_id', $non_bannable, true); } $result = $db->sql_query($sql); |