[ticket/10561] All users can choose deactivated styles (fixed).

A form exploit enabled the users to select a deactivated style. Fixed with extra check on submit, with a new function styles_verify to check if the selected style is activated or not. PHPBB3-10561
2025-06-28 06:08:52 +00:00 · 2012-04-03 22:15:59 +05:30 · 2012-04-03 22:15:59 +05:30 · 084e1ae560
commit 084e1ae560
parent 3477b5e5a8
2 changed files with 20 additions and 1 deletions
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@ -1238,6 +1238,24 @@ function style_select($default = '', $all = false)
 	return $style_options;
 }

+/**
+* Check if style is activated
+*/
+function style_verify($style_id = 0)
+{
+	global $db;
+
+	$sql = 'SELECT style_id, style_active
+		FROM ' . STYLES_TABLE . "
+		WHERE style_id = $style_id";
+	$result = $db->sql_query($sql);
+
+	$style_verified = $db->sql_fetchrow($result);
+	$db->sql_freeresult($result);
+
+	return $style_verified['style_active'];
+}
+
 /**
 * Pick a timezone
 */
--- a/phpBB/includes/ucp/ucp_prefs.php
+++ b/phpBB/includes/ucp/ucp_prefs.php
@ -61,7 +61,8 @@ class ucp_prefs

 				if ($submit)
 				{
-					$data['style'] = ($config['override_user_style']) ? $config['default_style'] : $data['style'];
+					$data['style'] = ($config['override_user_style']) ? $config['default_style'] :
+						(style_verify($data['style']) ? $data['style'] : ((int) $user->data['user_style']));

 					$error = validate_data($data, array(
 						'dateformat'	=> array('string', false, 1, 30),