diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 986e957237..af9c56d75f 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -125,13 +125,13 @@
[Fix] Flash files do not display anymore after update to flash player 10 (Bug #41315)
[Fix] Use FQDN for SMTP EHLO/HELO command. (Bug #41025)
[Fix] Mass Email works again for users with empty jabber address but notification set to 'both'. (Bug #39755)
- [Fix] Fix race condition for updating post/topic/etc. counter. (reported by BartVB)
+ [Fix] Fix race condition for updating post/topic/etc. counter. (Reported by BartVB)
[Fix] Fix duplicate creation of acl options in acl_add_options() under certain conditions. (Bug #38385, #40225)
[Fix] Cancel when replying to global announcement redirects to first forum - not to the current forum (Bug #41225 - Patch by TerraFrost)
[Fix] Cursor Jumps on New Topic in IE (Bug #42455 - Patch by TerraFrost)
[Fix] Add indicator to be used in code if session was created (user visits the site for the first time).
[Fix] Correctly count topic views for guests visiting the website the first time by entering the topic directly (Bug #43445)
- [Fix] Fix bug in postgresql db layer for LIMIT ALL clauses (reported by JRSweets)
+ [Fix] Fix bug in postgresql db layer for LIMIT ALL clauses (Reported by JRSweets)
[Fix] Sort backups by date, newest first (Bug #14818)
[Fix] Prevent incomplete backups stored if option "store and download" is selected and admin cancel download by removing the option. (Bug #20325)
[Fix] Enforce correct case for template variables
@@ -144,7 +144,7 @@
[Fix] Do not create thumbnail if thumbnail would've the same size as the original image. (Bug #30725)
[Fix] Ability to vote in poll is now required for the ability to change existing vote. (Bug #38925)
[Fix] Search for 'topic title only' and 'first post' should work again for non-mysql dbms. (Bug #40605)
- [Fix] Make sure additional information for accessibility is always exposed to screen readers (Bug #44335 - patch by MarcoZ)
+ [Fix] Make sure additional information for accessibility is always exposed to screen readers (Bug #44335 - Patch by MarcoZ)
[Fix] Approving a topic when some of the posts within that topic have already been approved (Bug #42585 - Patch by TerraFrost)
[Fix] Online status shown when post hidden (Bug #35505 - Patch by Raimon)
[Fix] memberlist.php display formating can be distorted by posting long URL for website (Bug #36675 - Patch by TerraFrost)
@@ -155,12 +155,12 @@
[Change] Default difference view is now 'inline' instead of 'side by side'
[Change] Added new option for merging differences to conflicting files in automatic updater
[Change] Add link to user profile in the MCP for user notes and warn user.
- [Change] Add IN_PHPBB check to generated cache files. (reported by bantu)
+ [Change] Add IN_PHPBB check to generated cache files. (Reported by bantu)
[Change] Add topic icons to prosilver UCP main and subscribed templates (Bug #42735 - Patch by Raimon)
[Change] Add unique key to ACL options table to prevent duplicate permission options. (Bug #41835)
[Change] Redirect to relevant MCP page of multi-page topic if accessing quickmod tools (Split option for example)
- [Change] Performance improvements for native fulltext search (patch by Paul)
- [Change] Changed jumpto() JS function to be more fail-safe. (But #27635 - patch by peterkclee)
+ [Change] Performance improvements for native fulltext search (Patch by Paul)
+ [Change] Changed jumpto() JS function to be more fail-safe. (But #27635 - Patch by peterkclee)
[Feature] Added new options for visual confirmation.
[Feature] Allow download of conflicting file for later reference in automatic updater
[Feature] Allow translation of custom BBCode help messages. (Patch by bantu)
@@ -168,6 +168,7 @@
[Feature] Database updater checks for incompatible db schema (MySQL 3.x/4.x against MySQL 4.1.x/5.x/6.x)
[Feature] New search option: Maximum number of words allowed to search for.
[Sec] Prevent accounts from being activated by users when admin activation is turned on and the correct activation key is known.
+ [Sec] Only use forum id supplied for posting if global announcement detected. (Reported by nickvergessen)
1.ii. Changes since 3.0.3
diff --git a/phpBB/posting.php b/phpBB/posting.php
index cc98e9c496..c16c55111a 100644
--- a/phpBB/posting.php
+++ b/phpBB/posting.php
@@ -75,6 +75,16 @@ switch ($mode)
trigger_error('NO_TOPIC');
}
+ // Force forum id
+ $sql = 'SELECT forum_id
+ FROM ' . TOPICS_TABLE . '
+ WHERE topic_id = ' . $topic_id;
+ $result = $db->sql_query($sql);
+ $f_id = (int) $db->sql_fetchfield('forum_id');
+ $db->sql_freeresult($result);
+
+ $forum_id = (!$f_id) ? $forum_id : $f_id;
+
$sql = 'SELECT f.*, t.*
FROM ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f
WHERE t.topic_id = $topic_id
@@ -91,6 +101,16 @@ switch ($mode)
trigger_error('NO_POST');
}
+ // Force forum id
+ $sql = 'SELECT forum_id
+ FROM ' . POSTS_TABLE . '
+ WHERE post_id = ' . $post_id;
+ $result = $db->sql_query($sql);
+ $f_id = (int) $db->sql_fetchfield('forum_id');
+ $db->sql_freeresult($result);
+
+ $forum_id = (!$f_id) ? $forum_id : $f_id;
+
$sql = 'SELECT f.*, t.*, p.*, u.username, u.username_clean, u.user_sig, u.user_sig_bbcode_uid, u.user_sig_bbcode_bitfield
FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . ' f, ' . USERS_TABLE . " u
WHERE p.post_id = $post_id