From 1af89968dda7270de73d21bfb5285f25ddee9963 Mon Sep 17 00:00:00 2001
From: Joas Schilling <nickvergessen@gmx.de>
Date: Tue, 26 Mar 2013 20:14:40 +0100
Subject: [PATCH] [ticket/11474] Check read permission before sending
 *_in_queue notifications

PHPBB3-11405
PHPBB3-11474
---
 phpBB/includes/notification/type/post_in_queue.php  | 9 ++++++++-
 phpBB/includes/notification/type/topic_in_queue.php | 9 ++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/phpBB/includes/notification/type/post_in_queue.php b/phpBB/includes/notification/type/post_in_queue.php
index 9c719205e6..a167dc2faf 100644
--- a/phpBB/includes/notification/type/post_in_queue.php
+++ b/phpBB/includes/notification/type/post_in_queue.php
@@ -101,8 +101,15 @@ class phpbb_notification_type_post_in_queue extends phpbb_notification_type_post
 		{
 			$has_permission = array_unique(array_merge($has_permission, $auth_approve[0][$this->permission]));
 		}
+		sort($has_permission);
 
-		return $this->check_user_notification_options($has_permission, array_merge($options, array(
+		$auth_read = $this->auth->acl_get_list($has_permission, 'f_read', $post['forum_id']);
+		if (empty($auth_read))
+		{
+			return array();
+		}
+
+		return $this->check_user_notification_options($auth_read[$post['forum_id']]['f_read'], array_merge($options, array(
 			'item_type'		=> self::$notification_option['id'],
 		)));
 	}
diff --git a/phpBB/includes/notification/type/topic_in_queue.php b/phpBB/includes/notification/type/topic_in_queue.php
index c501434c43..4fe4325118 100644
--- a/phpBB/includes/notification/type/topic_in_queue.php
+++ b/phpBB/includes/notification/type/topic_in_queue.php
@@ -101,8 +101,15 @@ class phpbb_notification_type_topic_in_queue extends phpbb_notification_type_top
 		{
 			$has_permission = array_unique(array_merge($has_permission, $auth_approve[0][$this->permission]));
 		}
+		sort($has_permission);
 
-		return $this->check_user_notification_options($has_permission, array_merge($options, array(
+		$auth_read = $this->auth->acl_get_list($has_permission, 'f_read', $topic['forum_id']);
+		if (empty($auth_read))
+		{
+			return array();
+		}
+
+		return $this->check_user_notification_options($auth_read[$topic['forum_id']]['f_read'], array_merge($options, array(
 			'item_type'		=> self::$notification_option['id'],
 		)));
 	}