[ticket/9687] Clean up code some more

PHPBB3-9687
2025-06-10 05:18:52 +00:00 · 2023-11-06 20:28:42 +01:00 · 2023-11-06 20:28:42 +01:00 · 13361a3b4b
commit 13361a3b4b
parent eacfe7be7b
3 changed files with 9 additions and 6 deletions
--- a/phpBB/install/convertors/convert_phpbb20.php
+++ b/phpBB/install/convertors/convert_phpbb20.php
@ -455,7 +455,8 @@ if (!$get_info)
 				array('ban_reason',				'',						''),
 				array('ban_reason_display',		'',						''),

-				'where'			=> "banlist.ban_ip NOT LIKE '%.%' AND banlist.ban_userid <> 0",
+				'where'			=> "banlist.ban_ip NOT LIKE '%.%'
+										AND banlist.ban_userid <> 0",
 			),

 			array(
@ -466,7 +467,8 @@ if (!$get_info)
 				array('ban_reason',				'',						''),
 				array('ban_reason_display',		'',						''),

-				'where'			=> "banlist.ban_ip NOT LIKE '%.%' AND banlist.ban_email <> ''",
+				'where'			=> "banlist.ban_ip NOT LIKE '%.%'
+										AND banlist.ban_email <> ''",
 			),

 			array(
@ -477,7 +479,8 @@ if (!$get_info)
 				array('ban_reason',				'',						''),
 				array('ban_reason_display',		'',						''),

-				'where'			=> "banlist.ban_userid = 0 AND banlist.ban_ip <> ''",
+				'where'			=> "banlist.ban_userid = 0
+										AND banlist.ban_ip <> ''",
 			),

 			array(
--- a/phpBB/phpbb/ban/type/base.php
+++ b/phpBB/phpbb/ban/type/base.php
@ -112,7 +112,7 @@ abstract class base implements type_interface
 			FROM ' . $this->bans_table . '
 			WHERE (ban_end >= ' . time() . "
 					OR ban_end = 0)
-				AND ban_mode = '{$this->get_type()}'
+				AND ban_mode = '{$this->db->sql_escape($this->get_type())}'
 			ORDER BY ban_item";
 		$result = $this->db->sql_query($sql);
 		$rowset = $this->db->sql_fetchrowset($result);
@ -143,7 +143,7 @@ abstract class base implements type_interface
 			$this->excluded[$this->user->id()] = $this->user->data[$user_column];
 		}

-		$sql = "SELECT user_id, {$user_column}
+		$sql = "SELECT user_id, {$this->db->sql_escape($user_column)}
 			FROM {$this->users_table}
 			WHERE user_type = " . USER_FOUNDER;
 		$result = $this->db->sql_query($sql);
--- a/phpBB/phpbb/ban/type/user.php
+++ b/phpBB/phpbb/ban/type/user.php
@ -79,7 +79,7 @@ class user extends base
 			WHERE (b.ban_end >= ' . time() . "
 					OR b.ban_end = 0)
 				AND b.ban_userid = u.user_id
-				AND b.ban_mode = '{$this->get_type()}'
+				AND b.ban_mode = '{$this->db->sql_escape($this->get_type())}'
 			ORDER BY u.username_clean ASC";
 		$result = $this->db->sql_query($sql);
 		while ($row = $this->db->sql_fetchrow($result))