0ct0pu5/wesnoth
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

wesnothd/fuh: Do not consider stale temporary bans from phpBB's banlist table

Browse source 
It turns out that as of phpBB 3.2.2 these are only cleared on the next
call to user_ban()/user_unban(), so they may linger around for long
after they've expired. Fixed this by making FUH aware of the existence
of the ban_end column.
This commit is contained in:
Iris Morelle 2018-10-13 19:39:16 -03:00 committed by Jyrki Vesterinen
parent 9e4210c6ce
commit 9c2bdf7ada
1 changed files with 7 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
src/server/forum_user_handler.cpp
View file

@ -182,8 +182,12 @@ fuh::BAN_TYPE fuh::user_is_banned(const std::string& name, const std::string& ad
// for the time being.
//
// NOTE: A ban end time of 0 is a permanent ban.
const std::string& is_extant_ban_sql =
"ban_exclude = 0 AND (ban_end = 0 OR ban_end >=" + std::to_string(std::time(nullptr)) + ")";
try {
if(!addr.empty() && prepared_statement<bool>("SELECT 1 FROM `" + db_banlist_table_ + "` WHERE UPPER(ban_ip) = UPPER(?) AND ban_exclude = 0", addr)) {
if(!addr.empty() && prepared_statement<bool>("SELECT 1 FROM `" + db_banlist_table_ + "` WHERE UPPER(ban_ip) = UPPER(?) AND " + is_extant_ban_sql, addr)) {
LOG_UH << "User '" << name << "' ip " << addr << " banned by IP address\n";
return BAN_IP;
}
@ -199,14 +203,14 @@ fuh::BAN_TYPE fuh::user_is_banned(const std::string& name, const std::string& ad
if(uid == 0) {
ERR_UH << "Invalid user id for user '" << name << "'\n";
} else if(prepared_statement<bool>("SELECT 1 FROM `" + db_banlist_table_ + "` WHERE ban_userid = ? AND ban_exclude = 0", uid)) {
} else if(prepared_statement<bool>("SELECT 1 FROM `" + db_banlist_table_ + "` WHERE ban_userid = ? AND " + is_extant_ban_sql, uid)) {
LOG_UH << "User '" << name << "' uid " << uid << " banned by uid\n";
return BAN_USER;
}
auto email = get_detail_for_user<std::string>(name, "user_email");
if(!email.empty() && prepared_statement<bool>("SELECT 1 FROM `" + db_banlist_table_ + "` WHERE UPPER(ban_email) = UPPER(?) AND ban_exclude = 0", email)) {
if(!email.empty() && prepared_statement<bool>("SELECT 1 FROM `" + db_banlist_table_ + "` WHERE UPPER(ban_email) = UPPER(?) AND " + is_extant_ban_sql, email)) {
LOG_UH << "User '" << name << "' email " << email << " banned by email address\n";
return BAN_EMAIL;
}