authorMeik Sievertsen <acydburn@phpbb.com>2008-06-21 17:08:41 +0000
committerMeik Sievertsen <acydburn@phpbb.com>2008-06-21 17:08:41 +0000
commit56aba11fd16fce8a9c925e8963368d91bc78247b (patch)
tree1042c61205a9ec209fad8e72f78bf8a035bbf29d
parent11f27bee84447bf769e10fc7d099bb34209e9c2d (diff)
Catch invalid username wildcard ban (we do not support these) (Bug #29305)
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8668 89ea8834-ac86-4346-8a33-228a782c2dd0
-rw-r--r--phpBB/docs/CHANGELOG.html1
-rw-r--r--phpBB/includes/functions_user.php101
2 files changed, 49 insertions, 53 deletions
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 8ce216d186..cb7d820f47 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -114,6 +114,7 @@
<li>[Fix] Do not display ban message if direct call to cron. (thanks Dog Cow for reporting)</li>
<li>[Fix] Correctly display double-colon on special conditions within highlighted php source (Bug #26795)</li>
<li>[Fix] Increase storage capacity of titles/subjects due to specialchared content (Bug #25235)</li>
+ <li>[Fix] Catch invalid username wildcard ban (we do not support these) (Bug #29305)</li>
<li>[Change] Adjust truncate_string() to be able to adjust the maximum storage length.</li>
<li>[Change] Generalize load check (Bug #21255 / thanks to Xipher)</li>
<li>[Change] Make utf8_htmlspecialchars not pass its argument by reference (Bug #21885)</li>
diff --git a/phpBB/includes/functions_user.php b/phpBB/includes/functions_user.php
index daa571a790..185c177b18 100644
--- a/phpBB/includes/functions_user.php
+++ b/phpBB/includes/functions_user.php
@@ -734,70 +734,65 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
case 'user':
$type = 'ban_userid';
- if (in_array('*', $ban_list))
- {
- // Ban all users (it's a good thing that you can exclude people)
- $banlist_ary[] = '*';
- }
- else
- {
- // Select the relevant user_ids.
- $sql_usernames = array();
+ // At the moment we do not support wildcard username banning
+
+ // Select the relevant user_ids.
+ $sql_usernames = array();
- foreach ($ban_list as $username)
+ foreach ($ban_list as $username)
+ {
+ $username = trim($username);
+ if ($username != '')
{
- $username = trim($username);
- if ($username != '')
+ $clean_name = utf8_clean_string($username);
+ if ($clean_name == $user->data['username_clean'])
{
- $clean_name = utf8_clean_string($username);
- if ($clean_name == $user->data['username_clean'])
- {
- trigger_error('CANNOT_BAN_YOURSELF', E_USER_WARNING);
- }
- if (in_array($clean_name, $founder_names))
- {
- trigger_error('CANNOT_BAN_FOUNDER', E_USER_WARNING);
- }
- $sql_usernames[] = $clean_name;
+ trigger_error('CANNOT_BAN_YOURSELF', E_USER_WARNING);
+ }
+ if (in_array($clean_name, $founder_names))
+ {
+ trigger_error('CANNOT_BAN_FOUNDER', E_USER_WARNING);
}
+ $sql_usernames[] = $clean_name;
}
+ }
- // Make sure we have been given someone to ban
- if (!sizeof($sql_usernames))
- {
- trigger_error('NO_USER_SPECIFIED');
- }
+ // Make sure we have been given someone to ban
+ if (!sizeof($sql_usernames))
+ {
+ trigger_error('NO_USER_SPECIFIED');
+ }
- $sql = 'SELECT user_id
- FROM ' . USERS_TABLE . '
- WHERE ' . $db->sql_in_set('username_clean', $sql_usernames);
+ $sql = 'SELECT user_id
+ FROM ' . USERS_TABLE . '
+ WHERE ' . $db->sql_in_set('username_clean', $sql_usernames);
- // Do not allow banning yourself
- if (sizeof($founder))
- {
- $sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), array($user->data['user_id'])), true);
- }
- else
- {
- $sql .= ' AND user_id <> ' . $user->data['user_id'];
- }
+ // Do not allow banning yourself
+ if (sizeof($founder))
+ {
+ $sql .= ' AND ' . $db->sql_in_set('user_id', array_merge(array_keys($founder), array($user->data['user_id'])), true);
+ }
+ else
+ {
+ $sql .= ' AND user_id <> ' . $user->data['user_id'];
+ }
- $result = $db->sql_query($sql);
+ $result = $db->sql_query($sql);
- if ($row = $db->sql_fetchrow($result))
- {
- do
- {
- $banlist_ary[] = (int) $row['user_id'];
- }
- while ($row = $db->sql_fetchrow($result));
- }
- else
+ if ($row = $db->sql_fetchrow($result))
+ {
+ do
{
- trigger_error('NO_USERS');
+ $banlist_ary[] = (int) $row['user_id'];
}
+ while ($row = $db->sql_fetchrow($result));
+ }
+ else
+ {
$db->sql_freeresult($result);
+ trigger_error('NO_USERS');
}
+ $db->sql_freeresult($result);
break;
case 'ip':
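Review bot: Nothing in the new `case 'user':` body actually rejects a `*` entry, despite the comment at the top of the block and the commit title; `*` now goes through `utf8_clean_string()` and the `username_clean` lookup like any other name, so a list containing only `*` ends at the generic `NO_USERS` error, and a `*` mixed in with real usernames is silently dropped while the real ones are banned. If the intent is to catch the wildcard rather than merely stop honouring it, check for it in the loop before the clean-string step, e.g. `if ($username == '*') { trigger_error('NO_USER_SPECIFIED'); }` (a dedicated language string would be clearer than reusing that one, if one exists). Either way the comment should describe what really happens: `// Wildcard username bans are not supported; '*' is treated as a literal name and will not match anyone.` The enclosing user_ban() starts before this hunk and continues past it.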
@@ -997,7 +992,7 @@ function user_ban($mode, $ban, $ban_len, $ban_len_other, $ban_exclude, $ban_reas
switch ($mode)
{
case 'user':
- $sql_where = (in_array('*', $banlist_ary)) ? '' : 'WHERE ' . $db->sql_in_set('session_user_id', $banlist_ary);
+ $sql_where = 'WHERE ' . $db->sql_in_set('session_user_id', $banlist_ary);
break;
case 'ip':
@@ -2923,7 +2918,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
{
case 'demote':
case 'promote':
-
+
$sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "
WHERE group_id = $group_id
AND user_pending = 1
@@ -2935,7 +2930,7 @@ function group_user_attributes($action, $group_id, $user_id_ary = false, $userna
{
return 'NO_VALID_USERS';
}
-
+
$sql = 'UPDATE ' . USER_GROUP_TABLE . '
SET group_leader = ' . (($action == 'promote') ? 1 : 0) . "
WHERE group_id = $group_id