[ticket/9687] Fix bugs when banning and add TODO's

PHPBB3-9687
2025-06-08 04:18:52 +00:00 · 2018-09-30 04:13:12 +02:00 · 2018-09-30 04:13:12 +02:00 · 64ab1fc24c
commit 64ab1fc24c
parent 728b200cd9
4 changed files with 6 additions and 5 deletions
--- a/phpBB/config/default/container/services_ban.yml
+++ b/phpBB/config/default/container/services_ban.yml
@ -36,6 +36,6 @@ services:
            - '@dbal.conn'
            - '@log'
            - '@user'
-            - '%tables.users'
+            - '%tables.users%'
        tags:
            - { name: ban.type }
--- a/phpBB/phpbb/ban/manager.php
+++ b/phpBB/phpbb/ban/manager.php
@ -180,9 +180,10 @@ class manager
 						}
 					}
 					// TODO: Prevent logging out founders
 					$sql = 'SELECT user_id
 						FROM ' . $this->users_table . '
-						WHERE ' . $this->db->sql_in_set('u.' . $user_column, $ban_items_sql) . $ban_or_like;
+						WHERE ' . $this->db->sql_in_set('u.' . $user_column, $ban_items_sql, false, true) . $ban_or_like;
 					$result = $this->db->sql_query($sql);
 					$user_ids = [];
--- a/phpBB/phpbb/ban/type/email.php
+++ b/phpBB/phpbb/ban/type/email.php
@ -60,13 +60,13 @@ class email extends base
 		{
 			throw new runtime_exception(); // TODO
 		}
-		$regex = '#^.*?@*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i';
+		$regex = '#^.*?@.*|(([a-z0-9\-]+\.)+([a-z]{2,3}))$#i';
 		$ban_items = [];
 		foreach ($items as $item)
 		{
 			$item = trim($item);
-			if (strlen($item) > 100 || preg_match($regex, $item) || in_array($item, $this->excluded))
+			if (strlen($item) > 100 || !preg_match($regex, $item) || in_array($item, $this->excluded))
 			{
 				continue;
 			}
--- a/phpBB/phpbb/ban/type/user.php
+++ b/phpBB/phpbb/ban/type/user.php
@ -166,7 +166,7 @@ class user extends base
 		$sql_usernames = [];
 		$sql_or_like = [];
-		foreach ($items as $item)
+		foreach ($items as $item) // TODO: Prevent banning Anonymous
 		{
 			$cleaned_username = utf8_clean_string($item);
 			if (stripos($cleaned_username, '*') === false)