makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-08 12:28:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch '3.3.x'

Browse source
This commit is contained in:
Marc Alexander 2020-01-18 21:46:17 +01:00
commit 1fefef3e06
No known key found for this signature in database
GPG key ID: 50E0D2423696F995
3 changed files with 12 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
phpBB/includes/functions_privmsgs.php
View file

@ -958,6 +958,11 @@ function handle_mark_actions($user_id, $mark_action)
{ {
case 'mark_important': case 'mark_important':
if (!check_form_key('ucp_pm_view'))
{
trigger_error('FORM_INVALID');
}
$sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . " $sql = 'UPDATE ' . PRIVMSGS_TO_TABLE . "
SET pm_marked = 1 - pm_marked SET pm_marked = 1 - pm_marked
WHERE folder_id = $cur_folder_id WHERE folder_id = $cur_folder_id

10
phpBB/includes/ucp/ucp_pm.php
View file

@ -209,14 +209,14 @@ class ucp_pm
$submit_mark = false; $submit_mark = false;
} }
if (($move_pm || $submit_mark) && !check_form_key('ucp_pm_view'))
{
trigger_error('FORM_INVALID');
}
// Move PM // Move PM
if ($move_pm) if ($move_pm)
{ {
if (!check_form_key('ucp_pm_view'))
{
trigger_error('FORM_INVALID');
}
$move_msg_ids = (isset($_POST['marked_msg_id'])) ? $request->variable('marked_msg_id', array(0)) : array(); $move_msg_ids = (isset($_POST['marked_msg_id'])) ? $request->variable('marked_msg_id', array(0)) : array();
$cur_folder_id = $request->variable('cur_folder_id', PRIVMSGS_NO_BOX); $cur_folder_id = $request->variable('cur_folder_id', PRIVMSGS_NO_BOX);

4
phpBB/includes/ucp/ucp_pm_viewfolder.php
View file

@ -32,7 +32,7 @@ function view_folder($id, $mode, $folder_id, $folder)
$folder_info = get_pm_from($folder_id, $folder, $user->data['user_id']); $folder_info = get_pm_from($folder_id, $folder, $user->data['user_id']);
add_form_key('ucp_pm_view_folder'); add_form_key('ucp_pm_view');
if (!$submit_export) if (!$submit_export)
{ {
@ -199,7 +199,7 @@ function view_folder($id, $mode, $folder_id, $folder)
$enclosure = $request->variable('enclosure', ''); $enclosure = $request->variable('enclosure', '');
$delimiter = $request->variable('delimiter', ''); $delimiter = $request->variable('delimiter', '');
if (!check_form_key('ucp_pm_view_folder')) if (!check_form_key('ucp_pm_view'))
{ {
trigger_error('FORM_INVALID'); trigger_error('FORM_INVALID');
} }