Nakiami / mellivora

Mellivora is a CTF engine written in PHP
GNU General Public License v3.0
441 stars 171 forks source link

Logic bug in allowed_email() #80

Closed lanjelot closed 7 years ago

lanjelot commented 7 years ago

Hey,

There is a logic bug in allowed_email() that prevents email rules from actually being enforced.

If email does not match any rule then email will be allowed because $allowedEmail is initialized to true.

Nakiami commented 7 years ago

Hi, this is intended behavior. Default action is to allow email. If you want default action to be deny, you can add a rule for that in the console.