From d6c3e7785d98190436acdd8468a1d343b673c55b Mon Sep 17 00:00:00 2001 From: Igor Wiedler Date: Sun, 30 Oct 2011 18:45:41 +0100 Subject: [PATCH 1/3] [ticket/10365] Make sure moderators only get mcp_reports link when allowed The m_report permission is not not being checked when displaying the link to mcp_reports. PHPBB3-10365 --- phpBB/includes/mcp/mcp_topic.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/phpBB/includes/mcp/mcp_topic.php b/phpBB/includes/mcp/mcp_topic.php index 76cd9beb92..9cdb69ed99 100644 --- a/phpBB/includes/mcp/mcp_topic.php +++ b/phpBB/includes/mcp/mcp_topic.php @@ -239,8 +239,8 @@ function mcp_topic_view($id, $mode, $action) 'MINI_POST_IMG' => ($post_unread) ? $user->img('icon_post_target_unread', 'UNREAD_POST') : $user->img('icon_post_target', 'POST'), - 'S_POST_REPORTED' => ($row['post_reported']) ? true : false, - 'S_POST_UNAPPROVED' => ($row['post_approved']) ? false : true, + 'S_POST_REPORTED' => ($auth->acl_get('m_report', $topic_info['forum_id']) && $row['post_reported']) ? true : false, + 'S_POST_UNAPPROVED' => ($auth->acl_get('m_approve', $topic_info['forum_id']) && $row['post_approved']) ? false : true, 'S_CHECKED' => (($submitted_id_list && !in_array(intval($row['post_id']), $submitted_id_list)) || in_array(intval($row['post_id']), $checked_ids)) ? true : false, 'S_HAS_ATTACHMENTS' => (!empty($attachments[$row['post_id']])) ? true : false, From 18ca3a32bc9f5ec84b6abba3c79920d23df8c778 Mon Sep 17 00:00:00 2001 From: Igor Wiedler Date: Sun, 30 Oct 2011 19:06:34 +0100 Subject: [PATCH 2/3] [ticket/10365] Require m_report permission to see reports in mcp_post This was exposed to anyone with m_ perms in mcp_post_details. PHPBB3-10365 --- phpBB/includes/mcp/mcp_post.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/phpBB/includes/mcp/mcp_post.php b/phpBB/includes/mcp/mcp_post.php index de7f3e63ee..ba45037a18 100644 --- a/phpBB/includes/mcp/mcp_post.php +++ b/phpBB/includes/mcp/mcp_post.php @@ -246,7 +246,7 @@ function mcp_post_details($id, $mode, $action) } // Get Reports - if ($auth->acl_get('m_', $post_info['forum_id'])) + if ($auth->acl_get('m_report', $post_info['forum_id'])) { $sql = 'SELECT r.*, re.*, u.user_id, u.username FROM ' . REPORTS_TABLE . ' r, ' . USERS_TABLE . ' u, ' . REPORTS_REASONS_TABLE . " re From 52bd8c307f388ac95d4bdd1bcdc52fdaa83ef4df Mon Sep 17 00:00:00 2001 From: Igor Wiedler Date: Sun, 13 Nov 2011 15:37:26 +0100 Subject: [PATCH 3/3] [ticket/10365] Fix up S_POST_UNAPPROVED check, make it easier to read PHPBB3-10365 --- phpBB/includes/mcp/mcp_topic.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/phpBB/includes/mcp/mcp_topic.php b/phpBB/includes/mcp/mcp_topic.php index 9cdb69ed99..d7cc1e795a 100644 --- a/phpBB/includes/mcp/mcp_topic.php +++ b/phpBB/includes/mcp/mcp_topic.php @@ -239,8 +239,8 @@ function mcp_topic_view($id, $mode, $action) 'MINI_POST_IMG' => ($post_unread) ? $user->img('icon_post_target_unread', 'UNREAD_POST') : $user->img('icon_post_target', 'POST'), - 'S_POST_REPORTED' => ($auth->acl_get('m_report', $topic_info['forum_id']) && $row['post_reported']) ? true : false, - 'S_POST_UNAPPROVED' => ($auth->acl_get('m_approve', $topic_info['forum_id']) && $row['post_approved']) ? false : true, + 'S_POST_REPORTED' => ($row['post_reported'] && $auth->acl_get('m_report', $topic_info['forum_id'])), + 'S_POST_UNAPPROVED' => (!$row['post_approved'] && $auth->acl_get('m_approve', $topic_info['forum_id'])), 'S_CHECKED' => (($submitted_id_list && !in_array(intval($row['post_id']), $submitted_id_list)) || in_array(intval($row['post_id']), $checked_ids)) ? true : false, 'S_HAS_ATTACHMENTS' => (!empty($attachments[$row['post_id']])) ? true : false,