From 4ea3402f9363c9259881bc8ea6ce7fc6cb212657 Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Thu, 30 Apr 2009 08:15:32 +0000 Subject: [PATCH] Only use forum id supplied for posting if global announcement detected. (Reported by nickvergessen) git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9499 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/docs/CHANGELOG.html | 13 +++++++------ phpBB/posting.php | 20 ++++++++++++++++++++ 2 files changed, 27 insertions(+), 6 deletions(-) diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index 986e957237..af9c56d75f 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -125,13 +125,13 @@
  • [Fix] Flash files do not display anymore after update to flash player 10 (Bug #41315)
  • [Fix] Use FQDN for SMTP EHLO/HELO command. (Bug #41025)
  • [Fix] Mass Email works again for users with empty jabber address but notification set to 'both'. (Bug #39755)
  • -
  • [Fix] Fix race condition for updating post/topic/etc. counter. (reported by BartVB)
  • +
  • [Fix] Fix race condition for updating post/topic/etc. counter. (Reported by BartVB)
  • [Fix] Fix duplicate creation of acl options in acl_add_options() under certain conditions. (Bug #38385, #40225)
  • [Fix] Cancel when replying to global announcement redirects to first forum - not to the current forum (Bug #41225 - Patch by TerraFrost)
  • [Fix] Cursor Jumps on New Topic in IE (Bug #42455 - Patch by TerraFrost)
  • [Fix] Add indicator to be used in code if session was created (user visits the site for the first time).
  • [Fix] Correctly count topic views for guests visiting the website the first time by entering the topic directly (Bug #43445)
  • -
  • [Fix] Fix bug in postgresql db layer for LIMIT ALL clauses (reported by JRSweets)
  • +
  • [Fix] Fix bug in postgresql db layer for LIMIT ALL clauses (Reported by JRSweets)
  • [Fix] Sort backups by date, newest first (Bug #14818)
  • [Fix] Prevent incomplete backups stored if option "store and download" is selected and admin cancel download by removing the option. (Bug #20325)
  • [Fix] Enforce correct case for template variables
  • @@ -144,7 +144,7 @@
  • [Fix] Do not create thumbnail if thumbnail would've the same size as the original image. (Bug #30725)
  • [Fix] Ability to vote in poll is now required for the ability to change existing vote. (Bug #38925)
  • [Fix] Search for 'topic title only' and 'first post' should work again for non-mysql dbms. (Bug #40605)
  • -
  • [Fix] Make sure additional information for accessibility is always exposed to screen readers (Bug #44335 - patch by MarcoZ)
  • +
  • [Fix] Make sure additional information for accessibility is always exposed to screen readers (Bug #44335 - Patch by MarcoZ)
  • [Fix] Approving a topic when some of the posts within that topic have already been approved (Bug #42585 - Patch by TerraFrost)
  • [Fix] Online status shown when post hidden (Bug #35505 - Patch by Raimon)
  • [Fix] memberlist.php display formating can be distorted by posting long URL for website (Bug #36675 - Patch by TerraFrost)
  • @@ -155,12 +155,12 @@
  • [Change] Default difference view is now 'inline' instead of 'side by side'
  • [Change] Added new option for merging differences to conflicting files in automatic updater
  • [Change] Add link to user profile in the MCP for user notes and warn user.
  • -
  • [Change] Add IN_PHPBB check to generated cache files. (reported by bantu)
  • +
  • [Change] Add IN_PHPBB check to generated cache files. (Reported by bantu)
  • [Change] Add topic icons to prosilver UCP main and subscribed templates (Bug #42735 - Patch by Raimon)
  • [Change] Add unique key to ACL options table to prevent duplicate permission options. (Bug #41835)
  • [Change] Redirect to relevant MCP page of multi-page topic if accessing quickmod tools (Split option for example)
  • -
  • [Change] Performance improvements for native fulltext search (patch by Paul)
  • -
  • [Change] Changed jumpto() JS function to be more fail-safe. (But #27635 - patch by peterkclee)
  • +
  • [Change] Performance improvements for native fulltext search (Patch by Paul)
  • +
  • [Change] Changed jumpto() JS function to be more fail-safe. (But #27635 - Patch by peterkclee)
  • [Feature] Added new options for visual confirmation.
  • [Feature] Allow download of conflicting file for later reference in automatic updater
  • [Feature] Allow translation of custom BBCode help messages. (Patch by bantu)
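Review bot: The re-added jumpto() entry in this hunk still reads "(But #27635 - Patch by peterkclee)"; since the line is already being rewritten to capitalise "Patch", correct "But" to "Bug" in the same change so the reference matches the other "Bug #..." entries.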
  • @@ -168,6 +168,7 @@
  • [Feature] Database updater checks for incompatible db schema (MySQL 3.x/4.x against MySQL 4.1.x/5.x/6.x)
  • [Feature] New search option: Maximum number of words allowed to search for.
  • [Sec] Prevent accounts from being activated by users when admin activation is turned on and the correct activation key is known.
  • +
  • [Sec] Only use forum id supplied for posting if global announcement detected. (Reported by nickvergessen)
  • 1.ii. Changes since 3.0.3
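Review bot: The new [Sec] entry describes the code change ("Only use forum id supplied for posting if global announcement detected") but not what was affected before it. A short clause naming the consequence of trusting the supplied forum id would let administrators reading the changelog judge how urgent the update is.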

    diff --git a/phpBB/posting.php b/phpBB/posting.php index cc98e9c496..c16c55111a 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php @@ -75,6 +75,16 @@ switch ($mode) trigger_error('NO_TOPIC'); } + // Force forum id + $sql = 'SELECT forum_id + FROM ' . TOPICS_TABLE . ' + WHERE topic_id = ' . $topic_id; + $result = $db->sql_query($sql); + $f_id = (int) $db->sql_fetchfield('forum_id'); + $db->sql_freeresult($result); + + $forum_id = (!$f_id) ? $forum_id : $f_id; + $sql = 'SELECT f.*, t.* FROM ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . " f WHERE t.topic_id = $topic_id @@ -91,6 +101,16 @@ switch ($mode) trigger_error('NO_POST'); } + // Force forum id + $sql = 'SELECT forum_id + FROM ' . POSTS_TABLE . ' + WHERE post_id = ' . $post_id; + $result = $db->sql_query($sql); + $f_id = (int) $db->sql_fetchfield('forum_id'); + $db->sql_freeresult($result); + + $forum_id = (!$f_id) ? $forum_id : $f_id; + $sql = 'SELECT f.*, t.*, p.*, u.username, u.username_clean, u.user_sig, u.user_sig_bbcode_uid, u.user_sig_bbcode_bitfield FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . ' t, ' . FORUMS_TABLE . ' f, ' . USERS_TABLE . " u WHERE p.post_id = $post_id
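Review bot: In the first posting.php hunk (@@ -75,6 +75,16 @@), "$forum_id = (!$f_id) ? $forum_id : $f_id;" cannot distinguish a topic whose stored forum_id is 0 from a topic_id that matches no row, because the (int) cast turns an empty fetch into 0 as well; in both cases the request-supplied forum id is kept. The commit subject says the supplied id should survive only for global announcements, so consider checking that a row was actually returned before falling back, and expand the "// Force forum id" comment to state that a stored forum_id of 0 is what the code treats as a global announcement.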
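Review bot: In the second posting.php hunk (@@ -91,6 +101,16 @@), "WHERE post_id = ' . $post_id" concatenates the variable into the query with no cast visible in the hunk; an explicit (int) on $post_id here, and on $topic_id in the hunk above, would keep the lookup safe regardless of how the variable was populated upstream. The block is also a copy of the topic lookup with only the table and key column changed, so a small helper taking the table, column and id would keep the two copies from drifting apart.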