makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 06:08:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

merging, revisions #r8453 and #r8454

Browse source 
git-svn-id: file:///svn/phpbb/trunk@8455 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen 2008-03-21 10:50:11 +00:00
parent 02a5032a52
commit 312bd1a670
2 changed files with 34 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
phpBB/download/file.php
View file

@ -208,8 +208,32 @@ else
$row['forum_id'] = false;
if (!$auth->acl_get('u_pm_download'))
{
header('HTTP/1.0 403 forbidden');
trigger_error('SORRY_AUTH_VIEW_ATTACH');
}
// Check if the attachment is within the users scope...
$sql = 'SELECT user_id, author_id
FROM ' . PRIVMSGS_TO_TABLE . '
WHERE msg_id = ' . $attachment['post_msg_id'];
$result = $db->sql_query($sql);
$allowed = false;
while ($user_row = $db->sql_fetchrow($result))
{
if ($user->data['user_id'] == $user_row['user_id'] || $user->data['user_id'] == $user_row['author_id'])
{
$allowed = true;
break;
}
}
$db->sql_freeresult($result);
if (!$allowed)
{
header('HTTP/1.0 403 forbidden');
trigger_error('ERROR_NO_ATTACHMENT');
}
}
// disallowed?
@ -222,6 +246,7 @@ else
if (!download_allowed())
{
header('HTTP/1.0 403 forbidden');
trigger_error($user->lang['LINKAGE_FORBIDDEN']);
}

10
phpBB/includes/acp/acp_prune.php
View file

@ -405,7 +405,15 @@ class acp_prune
$where_sql .= ($email) ? ' AND user_email ' . $db->sql_like_expression(str_replace('*', $db->any_char, $email)) . ' ' : '';
$where_sql .= (sizeof($joined)) ? " AND user_regdate " . $key_match[$joined_select] . ' ' . gmmktime(0, 0, 0, (int) $joined[1], (int) $joined[2], (int) $joined[0]) : '';
$where_sql .= ($count !== '') ? " AND user_posts " . $key_match[$count_select] . ' ' . (int) $count . ' ' : '';
$where_sql .= (sizeof($active)) ? " AND user_lastvisit " . $key_match[$active_select] . " " . gmmktime(0, 0, 0, (int) $active[1], (int) $active[2], (int) $active[0]) : '';
if (sizeof($active) && $active_select != 'lt')
{
$where_sql .= ' AND user_lastvisit ' . $key_match[$active_select] . ' ' . gmmktime(0, 0, 0, (int) $active[1], (int) $active[2], (int) $active[0]);
}
else if (sizeof($active))
{
$where_sql .= ' AND (user_lastvisit > 0 AND user_lastvisit < ' . gmmktime(0, 0, 0, (int) $active[1], (int) $active[2], (int) $active[0]) . ')';
}
}
// Protect the admin, do not prune if no options are given...