is_banned function issue #233

Closed
jmikerq opened this issue Jun 7, 2018 · 3 comments

jmikerq commented Jun 7, 2018

https://github.com/magefly/CodeIgniter-Aauth/blob/7ae5ef5fbc424b3e75bec3389a483d95e5cd5bc8/application/libraries/Aauth.php#L1072

I understand that your is_banned function checks if an existing user is banned. However, in a case where the user doesn't exist in the system, this function will return FALSE, which means this non-existing user is not banned.

For security, I think it would be better to return TRUE for all users not found.

@omkartapale
Contributor

@jmikerq I agree with you.. 👍

Collaborator

REJack commented Jun 26, 2018

That's a good idea, I'll change this in the next days 😄

Collaborator

REJack commented Nov 11, 2018

Issue closed, changes committed in master repo

@REJack REJack closed this as completed Nov 11, 2018
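
The fail-open versus fail-closed behaviour discussed in this issue, shown side by side as an added example that is not the Aauth library's code. The in-memory `$users` array and the names `is_banned_fail_open`, `is_banned_fail_closed` and `may_proceed` are hypothetical and used only for illustration.

```php
<?php
// Constructed sample data (user id => row); not the Aauth schema.
$users = [
    1 => ['banned' => false],
    2 => ['banned' => true],
];

// Fail-open: the behaviour the issue describes. The lookup only matches rows
// that exist AND are banned, so an unknown id falls through to FALSE.
function is_banned_fail_open(array $users, $user_id): bool
{
    foreach ($users as $id => $row) {
        if ($id === $user_id && $row['banned'] === true) {
            return true;
        }
    }
    return false;
}

// Fail-closed: the behaviour the issue proposes. Anything that cannot be
// resolved to a known user row is treated as banned.
function is_banned_fail_closed(array $users, $user_id): bool
{
    if (!is_int($user_id) || !array_key_exists($user_id, $users)) {
        return true;
    }
    return $users[$user_id]['banned'] === true;
}

// Hypothetical caller that relies on the ban check alone as its gate.
function may_proceed(callable $is_banned, array $users, $user_id): bool
{
    return !$is_banned($users, $user_id);
}

// Known user, banned user, unknown id, missing id.
foreach ([1, 2, 999, null] as $id) {
    printf(
        "id=%-5s fail_open_allows=%-5s fail_closed_allows=%s\n",
        var_export($id, true),
        var_export(may_proceed('is_banned_fail_open', $users, $id), true),
        var_export(may_proceed('is_banned_fail_closed', $users, $id), true)
    );
}
```

The two variants agree for ids 1 and 2 and differ only for the unknown and missing ids, which is the case the issue raises.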