[RFC] buggy function banned user ids

General discussion of development ideas and the approaches taken in the 3.x branch of phpBB. The current feature release of phpBB 3 is 3.3/Proteus.
Forum rules
Please do not post support questions regarding installing, updating, or upgrading phpBB 3.3.x. If you need support for phpBB 3.3.x please visit the 3.3.x Support Forum on phpbb.com.

If you have questions regarding writing extensions please post in Extension Writers Discussion to receive proper guidance from our staff and community.
Post Reply
User avatar
3Di
Registered User
Posts: 951
Joined: Tue Nov 01, 2005 9:50 pm
Location: Milano 🇮🇹 Frankfurt 🇩🇪
Contact:

[RFC] buggy function banned user ids

Post by 3Di »

Working on an extension I noticed there is a glitch within a phpBB function, see:
phpBB 3.2.1 -> includes/functions_user.php

line #3647 as it is now (SQL report: Impossible WHERE noticed after reading const tables)

Code: Select all

$sql_user_ids = (!empty($user_ids)) ? $db->sql_in_set('ban_userid', $user_ids) : 'ban_userid <> 0';
Should read

Code: Select all

$sql_user_ids = (!empty($user_ids)) ? $db->sql_in_set('ban_userid', $user_ids) : 'ban_userid <> 1';
And that's normal with a normal installation, the constant ANONYMOUS instead produces a SQL error.

If confirmed I will be more than glad to push a request.


What about if an user for some reason changed that constant during the life of its board?
Say a conversion or an upgrade from phpBB 1/2 ?
🆓 Free support for our extensions also provided here: phpBB Studio
🚀 Looking for a specific feature or alternative option? We will rock you!
Please PM me only to request paid works. Thx. Want to compensate me for my interest? Donate
My development's activity º PhpStorm's proud user º Extensions, Scripts, MOD porting, Update/Upgrades

User avatar
kasimi
Extension Customisations
Extension Customisations
Posts: 17
Joined: Thu May 24, 2012 1:54 pm

Re: [RFC] buggy function banned user ids

Post by kasimi »

0 is the correct value here because the query is selecting banned users, as opposed to banned emails or IPs for which ban_userid whould be 0. If you change it to <> 1, the returned array contains an invalid entry.

Post Reply