From 52e32ba0b24293b9ce0b1801bd3b34c4f36d76d5 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 27 Apr 2020 20:52:03 +0000
Subject: [PATCH] accounts: Reject subdomains of blacklisted domains, too

Fixes: #12333
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/backend/accounts.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/backend/accounts.py b/src/backend/accounts.py
index 584a8658..2c9f4608 100644
--- a/src/backend/accounts.py
+++ b/src/backend/accounts.py
@@ -362,7 +362,7 @@ class Accounts(Object):
 
 	def domain_is_blacklisted(self, domain):
 		res = self.db.get("SELECT TRUE AS found FROM blacklisted_domains \
-			WHERE domain = %s", domain)
+			WHERE domain = %s OR %s LIKE '%%.' || domain", domain, domain)
 
 		if res and res.found:
 			return True
-- 
2.47.3