phplist3 icon indicating copy to clipboard operation
phplist3 copied to clipboard
verified publisher icon phpList

Definition of the user_blacklist_data table

Open bramley opened this issue 3 years ago • 0 comments

The definition of this table has a unique index for the email column. But the way that the table is used seems to imply that there can be multiple rows for the same email address

'user_blacklist_data' => array(
    'email'   => array('varchar(150) not null unique', 'Email'),
    'name'    => array('varchar(25) not null', 'Name of Dataitem'),
    'data'    => array('text', ''),
    'index_1' => array('emailidx (email)', ''),
    'index_2' => array('emailnameidx (email,name)', ''),
),

In file admin/userlib.php function addEmailToBlackList() has this code which adds a row for the supplied reason then tries to add a second row for the email address

Sql_Query(sprintf('insert ignore into %s (email,name,data) values("%s","%s","%s")',
    $GLOBALS['tables']['user_blacklist_data'], sql_escape($email),
    'reason', addslashes($reason)));
foreach (array('REMOTE_ADDR','HTTP_X_FORWARDED_FOR') as $item) { // @@@do we want to know more?
    if (isset($_SERVER[$item])) {
        Sql_Query(sprintf('insert ignore into %s (email,name,data) values("%s","%s","%s")',
            $GLOBALS['tables']['user_blacklist_data'], addslashes($email),
            $item, addslashes($_SERVER[$item])));
    }
}

bramley avatar Feb 12 '22 17:02 bramley