author | Paul S. Owen <psotfx@users.sourceforge.net> | 2001-12-21 16:58:47 +0000 |
---|---|---|
committer | Paul S. Owen <psotfx@users.sourceforge.net> | 2001-12-21 16:58:47 +0000 |
commit | 3598e51165c68d2822f877df4ca144b6342704cb (patch) | |
tree | 0af1ff5abec1575b42418da871972c630f02cdf3 /phpBB/admin/admin_user_ban.php | |
parent | a5a2735b882cf3646d6c234a0c75ff04b0019b4b (diff) | |
Fix bug #495736
git-svn-id: file:///svn/phpbb/trunk@1665 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/admin/admin_user_ban.php')
-rw-r--r-- | phpBB/admin/admin_user_ban.php | 29 |
1 files changed, 14 insertions, 15 deletions
diff --git a/phpBB/admin/admin_user_ban.php b/phpBB/admin/admin_user_ban.php
index b99d0025fa..b945bf8bfe 100644
--- a/phpBB/admin/admin_user_ban.php
+++ b/phpBB/admin/admin_user_ban.php
@@ -233,7 +233,7 @@ if( isset($HTTP_POST_VARS['submit']) )
 // initialisation resulting in an instant
 // ban
 //
- if($kill_session_sql != "")
+ if( $kill_session_sql != "" )
 {
 $sql = "DELETE FROM " . SESSIONS_TABLE . "
 WHERE $kill_session_sql";
@@ -248,16 +248,16 @@ if( isset($HTTP_POST_VARS['submit']) )
 $in_banlist = false;
 for($j = 0; $j < count($current_banlist); $j++)
 {
- if($email_list[$i] == $current_banlist[$j]['ban_email'])
+ if( $email_list[$i] == $current_banlist[$j]['ban_email'] )
 {
 $in_banlist = true;
 }
 }
- if(!$in_banlist)
+ if( !$in_banlist )
 {
 $sql = "INSERT INTO " . BANLIST_TABLE . " (ban_email)
- VALUES ('" . $email_list[$i] . "')";
+ VALUES ('" . str_replace("\'", "''", $email_list[$i]) . "')";
 if( !$result = $db->sql_query($sql) )
 {
 message_die(GENERAL_ERROR, "Couldn't insert ban_email info into database", "", __LINE__, __FILE__, $sql);
@@ -277,14 +277,14 @@ if( isset($HTTP_POST_VARS['submit']) )
 {
 if($where_sql != "")
 {
- $where_sql .= " OR ";
+ $where_sql .= ", ";
 }
- $where_sql .= "ban_id = " . $user_list[$i];
+ $where_sql .= $user_list[$i];
 }
 }
 }
- if(isset($HTTP_POST_VARS['unban_ip']))
+ if( isset($HTTP_POST_VARS['unban_ip']) )
 {
 $ip_list = $HTTP_POST_VARS['unban_ip'];
@@ -294,14 +294,14 @@ if( isset($HTTP_POST_VARS['submit']) )
 {
 if($where_sql != "")
 {
- $where_sql .= " OR ";
+ $where_sql .= ", ";
 }
- $where_sql .= "ban_id = " . $ip_list[$i];
+ $where_sql .= $ip_list[$i];
 }
 }
 }
- if(isset($HTTP_POST_VARS['unban_email']))
+ if( isset($HTTP_POST_VARS['unban_email']) )
 {
 $email_list = $HTTP_POST_VARS['unban_email'];
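Review bot: In the `@@ -248,16` hunk, the new `str_replace("\'", "''", $email_list[$i])` rewrites only a quote that is already preceded by a backslash, so a bare `'` would still reach the `INSERT` unchanged. The escaping therefore holds only if every `$email_list` entry was slashed before this loop, which the hunk does not show. If that is the intended contract, state it next to the call, e.g. `// values arrive slashed; convert \' to '' for the SQL layer`. Also confirm that the duplicate check `$email_list[$i] == $current_banlist[$j]['ban_email']` compares values in the same escaped form, otherwise an address containing an apostrophe may never match its stored row.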
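Review bot: In the `@@ -277,14` hunk, `$where_sql .= $user_list[$i];` appends a request-supplied value to an unquoted `IN (...)` list without forcing it to an integer. The same pattern appears in `$where_sql .= $ip_list[$i];` (`@@ -294,14`) and `$where_sql .= $email_list[$i];` (`@@ -311,17`), where the hunks show the lists are taken directly from `$HTTP_POST_VARS['unban_ip']` and `$HTTP_POST_VARS['unban_email']`. Because `ban_id` is compared as a number, cast at the point of concatenation: `$where_sql .= intval($user_list[$i]);`, and likewise for the other two lists. The condition guarding each append starts outside the hunks, so check whether it already restricts the value to digits before relying on it.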
@@ -311,17 +311,17 @@ if( isset($HTTP_POST_VARS['submit']) )
 {
 if($where_sql != "")
 {
- $where_sql .= " OR ";
+ $where_sql .= ", ";
 }
- $where_sql .= "ban_id = " . $email_list[$i];
+ $where_sql .= $email_list[$i];
 }
 }
 }
- if($where_sql != "")
+ if( $where_sql != "" )
 {
 $sql = "DELETE FROM " . BANLIST_TABLE . "
- WHERE $where_sql";
+ WHERE ban_id IN ($where_sql)";
 if( !$result = $db->sql_query($sql) )
 {
 message_die(GENERAL_ERROR, "Couldn't delete ban info from database", "", __LINE__, __FILE__, $sql);
@@ -367,7 +367,6 @@ else
 $select_userlist .= "<option value=\"" . $user_list[$i]['user_id'] . "\">" . $user_list[$i]['username'] . "</option>";
 $userban_count++;
 }
- $select_size = ( $userban_count < 5 || $userban_c) ? 5 :
 $select_userlist = "<select name=\"ban_user[]\" multiple=\"multiple\" size=\"5\">" . $select_userlist . "</select>";
 $template->assign_vars(array( |