[RFC] buggy function banned user ids

General discussion of development ideas and the approaches taken in the 3.x branch of phpBB. The next feature release of phpBB 3 will be 3.2/Rhea followed by 3.3.
Forum rules
Please do not post support questions regarding installing, updating, or upgrading phpBB 3.1. If you need support for phpBB 3.1 please visit the 3.1.x Support Forum on phpbb.com.

If you have questions regarding writing extensions please post in Extension Writers Discussion to receive proper guidance from our staff and community.
Post Reply
User avatar
3Di
Registered User
Posts: 694
Joined: Tue Nov 01, 2005 9:50 pm
Location: Milano (I) Frankfurt (D)
Contact:

[RFC] buggy function banned user ids

Post by 3Di » Sat Sep 23, 2017 3:53 am

Working on an extension I noticed there is a glitch within a phpBB function, see:
phpBB 3.2.1 -> includes/functions_user.php

line #3647 as it is now (SQL report: Impossible WHERE noticed after reading const tables)

Code: Select all

$sql_user_ids = (!empty($user_ids)) ? $db->sql_in_set('ban_userid', $user_ids) : 'ban_userid <> 0';
Should read

Code: Select all

$sql_user_ids = (!empty($user_ids)) ? $db->sql_in_set('ban_userid', $user_ids) : 'ban_userid <> 1';
And that's normal with a normal installation, the constant ANONYMOUS instead produces a SQL error.

If confirmed I will be more than glad to push a request.


What about if an user for some reason changed that constant during the life of its board?
Say a conversion or an upgrade from phpBB 1/2 ?
Want to compensate me for my interest? Don't ask me, just do it
I'm available for custom phpBB jobs, you can PM me the details.
New: my Live Board, Extensions and Tools for phpBB - Men at works.

User avatar
kasimi
Extension Customisations
Extension Customisations
Posts: 13
Joined: Thu May 24, 2012 1:54 pm

Re: [RFC] buggy function banned user ids

Post by kasimi » Mon Sep 25, 2017 5:01 pm

0 is the correct value here because the query is selecting banned users, as opposed to banned emails or IPs for which ban_userid whould be 0. If you change it to <> 1, the returned array contains an invalid entry.

Post Reply