[ticket/10561] All users can choose deactivated styles (fixed).

A form exploit enabled the users to select a deactivated
style. Fixed with extra check on submit, with a new function
styles_verify to check if the selected style is activated or not.

PHPBB3-10561

phpBB/includes/functions.php

@@ -1238,6 +1238,24 @@ function style_select($default = '', $all = false)
 	return $style_options;
 }
 
+/**
+* Check if style is activated
+*/
+function style_verify($style_id = 0)
+{
+	global $db;
+
+	$sql = 'SELECT style_id, style_active
+		FROM ' . STYLES_TABLE . "
+		WHERE style_id = $style_id";
+	$result = $db->sql_query($sql);
+
+	$style_verified = $db->sql_fetchrow($result);
+	$db->sql_freeresult($result);
+
+	return $style_verified['style_active'];
+}
+
 /**
 * Pick a timezone
 */

phpBB/includes/ucp/ucp_prefs.php

@@ -61,7 +61,8 @@ class ucp_prefs
 
 				if ($submit)
 				{
-					$data['style'] = ($config['override_user_style']) ? $config['default_style'] : $data['style'];
+					$data['style'] = ($config['override_user_style']) ? $config['default_style'] :
+						(style_verify($data['style']) ? $data['style'] : ((int) $user->data['user_style']));
 
 					$error = validate_data($data, array(
 						'dateformat'	=> array('string', false, 1, 30),