[RSS Feed/News] BannedUsers spam check returns wrong result if Ip::convertIpStringToBinary returns false

Status
Not open for further replies.

XenForo

Administrative
  • Thread starter
  • Admin
  • #1
In the method XF\Spam\Checker\BannedUsers::check, if calling Ip::convertIpStringToBinary() returns false (*) then the finder call ->where('ip', $ip) builds the condition `xf_ip`.`ip` = 0 which MySQL evaluates to true for nearly all strings (see e.g. mysql: why comparing a 'string' to 0 gives true?). As a result, the query matches all banned users (not only those who have a matching IP address).

(*) What XenForo...

Read more
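A minimal PHP 8 model of the failure described in the post, added here as an illustration and not XenForo's code. The functions `ipToBinary`, `mysqlEqualsNumber`, `lookupUnguarded`, `lookupGuarded` and the sample rows are hypothetical, and `mysqlEqualsNumber` only approximates MySQL's string-to-number cast; the strict `false` check is one possible guard, not the vendor's fix.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a converter that returns false on unparsable input.
function ipToBinary(string $ip): string|false
{
    $ip = trim($ip);
    return filter_var($ip, FILTER_VALIDATE_IP) === false ? false : inet_pton($ip);
}

// Rough model of MySQL comparing a string column with a number: the string is
// cast to a number (leading numeric prefix, otherwise 0) before comparison.
function mysqlEqualsNumber(string $column, int $number): bool
{
    return (float) $column === (float) $number;
}

// Unguarded lookup: false reaches the query layer and is rendered as 0.
function lookupUnguarded(array $rows, string $ipString): array
{
    $ip = ipToBinary($ipString);
    return array_values(array_filter($rows, fn(array $r): bool => $ip === false
        ? mysqlEqualsNumber($r['ip'], 0)   // WHERE ip = 0
        : $r['ip'] === $ip));              // WHERE ip = '<binary>'
}

// Guarded lookup: an unparsable IP can match nothing, so skip the query.
function lookupGuarded(array $rows, string $ipString): array
{
    $ip = ipToBinary($ipString);
    if ($ip === false) {
        return [];
    }
    return array_values(array_filter($rows, fn(array $r): bool => $r['ip'] === $ip));
}

// Constructed sample rows standing in for banned users' logged IPs.
$rows = [
    ['user' => 'banned_a', 'ip' => inet_pton('192.0.2.10')],
    ['user' => 'banned_b', 'ip' => inet_pton('2001:db8::5')],
];

foreach (['192.0.2.10', 'not-an-ip'] as $input) {
    printf("%-12s unguarded=%d guarded=%d\n", $input,
        count(lookupUnguarded($rows, $input)), count(lookupGuarded($rows, $input)));
}
```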
