From 2f2df932c09a466172ca8c420f90cf037351a9c0 Mon Sep 17 00:00:00 2001
From: Roman Kelesidis
Date: Wed, 17 May 2023 16:48:13 +0700
Subject: [PATCH] Prevent issue with empty $disallowed_id removing (#692)
---
 admin/admin_disallow.php | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/admin/admin_disallow.php b/admin/admin_disallow.php
index 9488c0495..79aa91c9d 100644
--- a/admin/admin_disallow.php
+++ b/admin/admin_disallow.php
@@ -38,15 +38,17 @@ if (isset($_POST['add_name'])) {
 } elseif (isset($_POST['delete_name'])) {
 $disallowed_id = isset($_POST['disallowed_id']) ? (int)$_POST['disallowed_id'] : (int)$_GET['disallowed_id'];
- $sql = 'DELETE FROM ' . BB_DISALLOW . " WHERE disallow_id = $disallowed_id";
- $result = DB()->sql_query($sql);
- if (!$result) {
- bb_die('Could not removed disallowed user');
+ if (!empty($disallowed_id)) {
+ $sql = 'DELETE FROM ' . BB_DISALLOW . " WHERE disallow_id = $disallowed_id";
+ $result = DB()->sql_query($sql);
+ if (!$result) {
+ bb_die('Could not removed disallowed user');
+ }
+
+ $message .= $lang['DISALLOWED_DELETED'] . '

' . sprintf($lang['CLICK_RETURN_DISALLOWADMIN'], '', '') . '

' . sprintf($lang['CLICK_RETURN_ADMIN_INDEX'], '', '');
+
+ bb_die($message);
 }
-
- $message .= $lang['DISALLOWED_DELETED'] . '

' . sprintf($lang['CLICK_RETURN_DISALLOWADMIN'], '', '') . '

' . sprintf($lang['CLICK_RETURN_ADMIN_INDEX'], '', '');
-
- bb_die($message);
 }
 /**
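Review bot: The added `if (!empty($disallowed_id))` guard hides the empty-id case rather than handling it: the line above still reads `$_GET['disallowed_id']` when neither POST nor GET carries the key, and a zero id now falls through with no feedback to the admin. I would read the value as `$disallowed_id = (int)($_POST['disallowed_id'] ?? $_GET['disallowed_id'] ?? 0);`, test `if ($disallowed_id > 0) {` so negative values are rejected as well, and add an `else` branch that reports the missing id through `bb_die()`. The `(int)` cast is the only thing keeping the concatenated `WHERE disallow_id = $disallowed_id` safe, so a comment such as `// int cast required: value is interpolated into the DELETE below` would protect it from a later refactor. No anti-CSRF token check is visible in this hunk for the destructive request; it may be enforced in code outside the hunk, which is worth confirming. The enclosing `if`/`elseif` chain begins before the hunk.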