From 64ab1fc24cc1d563e000f6bab12de16f94887079 Mon Sep 17 00:00:00 2001
From: Oliver Schramm <oliver.schramm97@gmail.com>
Date: Sun, 30 Sep 2018 04:13:12 +0200
Subject: [PATCH] [ticket/9687] Fix bugs when banning and add TODO's

PHPBB3-9687
---
 phpBB/config/default/container/services_ban.yml | 2 +-
 phpBB/phpbb/ban/manager.php                     | 3 ++-
 phpBB/phpbb/ban/type/email.php                  | 4 ++--
 phpBB/phpbb/ban/type/user.php                   | 2 +-
 4 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/phpBB/config/default/container/services_ban.yml b/phpBB/config/default/container/services_ban.yml
index 689bb37ab9..86991b93b6 100644
--- a/phpBB/config/default/container/services_ban.yml
+++ b/phpBB/config/default/container/services_ban.yml
@@ -36,6 +36,6 @@ services:
             - '@dbal.conn'
             - '@log'
             - '@user'
-            - '%tables.users'
+            - '%tables.users%'
         tags:
             - { name: ban.type }
diff --git a/phpBB/phpbb/ban/manager.php b/phpBB/phpbb/ban/manager.php
index 814899e9fb..5f0e565148 100644
--- a/phpBB/phpbb/ban/manager.php
+++ b/phpBB/phpbb/ban/manager.php
@@ -180,9 +180,10 @@ class manager
 						}
 					}
 
+					// TODO: Prevent logging out founders
 					$sql = 'SELECT user_id
 						FROM ' . $this->users_table . '
-						WHERE ' . $this->db->sql_in_set('u.' . $user_column, $ban_items_sql) . $ban_or_like;
+						WHERE ' . $this->db->sql_in_set('u.' . $user_column, $ban_items_sql, false, true) . $ban_or_like;
 					$result = $this->db->sql_query($sql);
 
 					$user_ids = [];
diff --git a/phpBB/phpbb/ban/type/email.php b/phpBB/phpbb/ban/type/email.php
index 813000d014..675eca0112 100644
--- a/phpBB/phpbb/ban/type/email.php
+++ b/phpBB/phpbb/ban/type/email.php
@@ -60,13 +60,13 @@ class email extends base
 		{
 			throw new runtime_exception(); // TODO
 		}
-		$regex = '#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i';
+		$regex = '#^.*?@.*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i';
 
 		$ban_items = [];
 		foreach ($items as $item)
 		{
 			$item = trim($item);
-			if (strlen($item) > 100 || preg_match($regex, $item) || in_array($item, $this->excluded))
+			if (strlen($item) > 100 || !preg_match($regex, $item) || in_array($item, $this->excluded))
 			{
 				continue;
 			}
diff --git a/phpBB/phpbb/ban/type/user.php b/phpBB/phpbb/ban/type/user.php
index 1582c954b8..299418df17 100644
--- a/phpBB/phpbb/ban/type/user.php
+++ b/phpBB/phpbb/ban/type/user.php
@@ -166,7 +166,7 @@ class user extends base
 
 		$sql_usernames = [];
 		$sql_or_like = [];
-		foreach ($items as $item)
+		foreach ($items as $item) // TODO: Prevent banning Anonymous
 		{
 			$cleaned_username = utf8_clean_string($item);
 			if (stripos($cleaned_username, '*') === false)