makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 14:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

make sure we check the attachment status for the correct user ;)

Browse source 
git-svn-id: file:///svn/phpbb/trunk@6014 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen 2006-06-06 10:54:51 +00:00
parent 2ab88e7c56
commit 2c8afb820e
2 changed files with 10 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
phpBB/includes/message_parser.php
View file

@ -1116,13 +1116,15 @@ class parse_message extends bbcode_firstpass
/** /**
* Get Attachment Data * Get Attachment Data
*/ */
function get_submitted_attachment_data() function get_submitted_attachment_data($check_user_id = false)
{ {
global $user, $db, $phpbb_root_path, $phpEx, $config; global $user, $db, $phpbb_root_path, $phpEx, $config;
$this->filename_data['filecomment'] = request_var('filecomment', '', true); $this->filename_data['filecomment'] = request_var('filecomment', '', true);
$this->attachment_data = (isset($_POST['attachment_data'])) ? $_POST['attachment_data'] : array(); $this->attachment_data = (isset($_POST['attachment_data'])) ? $_POST['attachment_data'] : array();
$check_user_id = ($check_user_id === false) ? $user->data['user_id'] : $check_user_id;
// Regenerate data array... // Regenerate data array...
$attach_ids = $filenames = array(); $attach_ids = $filenames = array();
@ -1149,7 +1151,7 @@ class parse_message extends bbcode_firstpass
$sql = 'SELECT attach_id, physical_filename, real_filename, extension, mimetype, filesize, filetime, thumbnail $sql = 'SELECT attach_id, physical_filename, real_filename, extension, mimetype, filesize, filetime, thumbnail
FROM ' . ATTACHMENTS_TABLE . ' FROM ' . ATTACHMENTS_TABLE . '
WHERE attach_id IN (' . implode(', ', array_keys($attach_ids)) . ') WHERE attach_id IN (' . implode(', ', array_keys($attach_ids)) . ')
AND poster_id = ' . $user->data['user_id']; AND poster_id = ' . $check_user_id;
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
@ -1167,7 +1169,7 @@ class parse_message extends bbcode_firstpass
if (sizeof($attach_ids)) if (sizeof($attach_ids))
{ {
trigger_error('NO_ACCESS_ATTACHMENT'); trigger_error($user->lang['NO_ACCESS_ATTACHMENT'], E_USER_ERROR);
} }
} }
@ -1175,7 +1177,7 @@ class parse_message extends bbcode_firstpass
if (sizeof($filenames)) if (sizeof($filenames))
{ {
include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx); include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx);
$sql = 'SELECT attach_id $sql = 'SELECT attach_id
FROM ' . ATTACHMENTS_TABLE . " FROM ' . ATTACHMENTS_TABLE . "
WHERE LOWER(physical_filename) IN ('" . implode("', '", array_map('strtolower', $filenames)) . "')"; WHERE LOWER(physical_filename) IN ('" . implode("', '", array_map('strtolower', $filenames)) . "')";
@ -1185,7 +1187,7 @@ class parse_message extends bbcode_firstpass
if ($row) if ($row)
{ {
trigger_error('NO_ACCESS_ATTACHMENT'); trigger_error($user->lang['NO_ACCESS_ATTACHMENT'], E_USER_ERROR);
} }
foreach ($filenames as $pos => $physical_filename) foreach ($filenames as $pos => $physical_filename)

5
phpBB/posting.php
View file

@ -297,10 +297,9 @@ if (isset($post_data['post_text']))
unset($post_data['post_text']); unset($post_data['post_text']);
} }
$message_parser->get_submitted_attachment_data();
// Set some default variables // Set some default variables
$uninit = array('post_attachment' => 0, 'poster_id' => $user->data['user_id'], 'enable_magic_url' => 0, 'topic_status' => 0, 'topic_type' => POST_NORMAL, 'post_subject' => '', 'topic_title' => '', 'post_time' => 0, 'post_edit_reason' => '', 'notify_set' => 0); $uninit = array('post_attachment' => 0, 'poster_id' => $user->data['user_id'], 'enable_magic_url' => 0, 'topic_status' => 0, 'topic_type' => POST_NORMAL, 'post_subject' => '', 'topic_title' => '', 'post_time' => 0, 'post_edit_reason' => '', 'notify_set' => 0);
foreach ($uninit as $var_name => $default_value) foreach ($uninit as $var_name => $default_value)
{ {
if (!isset($post_data[$var_name])) if (!isset($post_data[$var_name]))
@ -310,6 +309,8 @@ foreach ($uninit as $var_name => $default_value)
} }
unset($uninit); unset($uninit);
$message_parser->get_submitted_attachment_data($post_data['poster_id']);
if ($post_data['post_attachment'] && !$submit && !$refresh && !$preview && $mode == 'edit') if ($post_data['post_attachment'] && !$submit && !$refresh && !$preview && $mode == 'edit')
{ {
$sql = 'SELECT attach_id, physical_filename, comment, real_filename, extension, mimetype, filesize, filetime, thumbnail $sql = 'SELECT attach_id, physical_filename, comment, real_filename, extension, mimetype, filesize, filetime, thumbnail