From 560ff2992132a4de341a074d36345edd1e7b09ff Mon Sep 17 00:00:00 2001
From: dougk_ff7
Date: Mon, 8 Jul 2002 06:09:11 +0000
Subject: [PATCH] Ok, not too much here... just a little enhancement to the Jumpbox, along with some security problems fixed. All of them were found by Ludovic Arnaud, with the exception of one, which was also found by Paranti. I guess I'll be doing some more tomorrow, if I can find anything, but that's it for tonight. (I'm tired...) --Doug
git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@2657 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/functions.php | 6 ++++--
 phpBB/includes/usercp_avatar.php | 10 +++++++++-
 phpBB/includes/usercp_register.php | 4 ++++
 3 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index a58b2fd0ef..c6298808de 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -92,7 +92,9 @@ function get_userdata($user)
 function make_jumpbox($action, $match_forum_id = 0)
 {
- global $template, $lang, $db, $SID, $nav_links, $phpEx;
+ global $template, $lang, $db, $userdata, $SID, $nav_links, $phpEx;
+
+ $is_auth = auth(AUTH_VIEW, AUTH_LIST_ALL, $userdata);
 $sql = "SELECT c.cat_id, c.cat_title, c.cat_order FROM " . CATEGORIES_TABLE . " c, " . FORUMS_TABLE . " f
@@ -135,7 +137,7 @@ function make_jumpbox($action, $match_forum_id = 0)
 $boxstring_forums = '';
 for($j = 0; $j < $total_forums; $j++)
 {
- if ( $forum_rows[$j]['cat_id'] == $category_rows[$i]['cat_id'] && $forum_rows[$j]['auth_view'] <= AUTH_REG )
+ if ( $forum_rows[$j]['cat_id'] == $category_rows[$i]['cat_id'] && $is_auth[$forum_rows[$j]['forum_id']]['auth_view'] )
 {
 $selected = ( $forum_rows[$j]['forum_id'] == $match_forum_id ) ? 'selected="selected"' : '';
 $boxstring_forums .= '';
diff --git a/phpBB/includes/usercp_avatar.php b/phpBB/includes/usercp_avatar.php
index 00a8bf02e4..eddc042dfb 100644
--- a/phpBB/includes/usercp_avatar.php
+++ b/phpBB/includes/usercp_avatar.php
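Review bot: `make_jumpbox()` now reads the global `$userdata` and calls `auth()` on every invocation, but nothing at the new `$is_auth = auth(AUTH_VIEW, AUTH_LIST_ALL, $userdata);` line says what that requires of callers. If a page builds the jumpbox before `$userdata` has been filled in, the forum list is computed for whatever `auth()` makes of an empty user, and that behaviour is not visible in this hunk. I would add a comment above the call, `// Per-user view rights keyed by forum_id; $userdata must already be populated, otherwise restricted forum names may be listed or hidden wrongly.` In the second hunk (@@ -135) I would read the flag as `!empty($is_auth[$forum_rows[$j]['forum_id']]['auth_view'])`, so a forum missing from the auth result is hidden without an undefined-index notice. Both hunks sit inside make_jumpbox, whose body continues outside them.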
@@ -64,7 +64,15 @@ function user_avatar_delete($avatar_type, $avatar_file)
 function user_avatar_gallery($mode, &$error, &$error_msg, $avatar_filename)
 {
- return ( $mode == 'editprofile' ) ? ", user_avatar = '" . str_replace("\'", "''", $avatar_filename) . "', user_avatar_type = " . USER_AVATAR_GALLERY : '';
+ if ( file_exists($board_config['avatar_gallery_path'] . '/' . $avatar_filename) && ($mode == 'editprofile') )
+ {
+ $return = ", user_avatar = '" . str_replace("\'", "''", $avatar_filename) . "', user_avatar_type = " . USER_AVATAR_GALLERY;
+ }
+ else
+ {
+ $return = '';
+ }
+ return $return;
 }
 function user_avatar_url($mode, &$error, &$error_msg, $avatar_filename)
diff --git a/phpBB/includes/usercp_register.php b/phpBB/includes/usercp_register.php
index c43c43a097..fa6b93a62b 100644
--- a/phpBB/includes/usercp_register.php
+++ b/phpBB/includes/usercp_register.php
@@ -393,6 +393,10 @@ if ( isset($HTTP_POST_VARS['submit']) )
 {
 $avatar_sql = user_avatar_gallery($mode, $error, $error_msg, $user_avatar_local);
 }
+ else
+ {
+ $avatar_sql = '';
+ }
 if ( !$error )
 {
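Review bot: `user_avatar_gallery()` uses `$board_config['avatar_gallery_path']` in the new `file_exists()` test without a `global $board_config;` declaration, so inside the function the array is undefined and the test runs against `'/' . $avatar_filename` rather than the gallery directory. Beyond that, `file_exists()` alone does not confine `$avatar_filename` to the gallery: a name containing `../` segments still passes when the target exists, and the string is then stored as the user's avatar. The carried-over `str_replace("\'", "''", ...)` only rewrites backslash-escaped quotes, so it appears to rely on the input having been slash-escaped upstream. I would declare the global and compare resolved paths, as sketched below.

```php
function user_avatar_gallery($mode, &$error, &$error_msg, $avatar_filename)
{
	global $board_config;

	// Resolve both paths so relative segments in the submitted name cannot
	// point outside the configured gallery directory.
	$gallery_root = realpath($board_config['avatar_gallery_path']);
	$avatar_path = realpath($board_config['avatar_gallery_path'] . '/' . $avatar_filename);
	$in_gallery = ( $gallery_root && $avatar_path && strpos($avatar_path, $gallery_root . DIRECTORY_SEPARATOR) === 0 && is_file($avatar_path) );

	if ( $in_gallery && ($mode == 'editprofile') )
	// … unchanged: both branches that set $return, and the final return …
```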
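Review bot: The new `else` gives `$avatar_sql` a value only when none of the earlier avatar branches ran, and the chain it closes starts outside this hunk, so whether every other path assigns the variable cannot be confirmed from here. A single `$avatar_sql = '';` placed before the first avatar branch would guarantee that the fragment, which is presumably concatenated into the profile query later (the query is not shown), never holds a value that did not come from one of the `user_avatar_*()` helpers. A short comment such as `// Start from an empty fragment so $avatar_sql can only hold what the avatar helpers return.` would record why the initialisation exists.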