From 588dd7337fd87719b21cf2ec85671713e925acb9 Mon Sep 17 00:00:00 2001
From: Joas Schilling <nickvergessen@gmx.de>
Date: Mon, 22 Jun 2009 09:43:01 +0000
Subject: [PATCH] Fix bug #13673 -  Add confirm-box when deleting permissions

Authorised by: acydburn

git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9652 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/docs/CHANGELOG.html              |  1 +
 phpBB/includes/acp/acp_permissions.php | 66 ++++++++++++++++----------
 2 files changed, 43 insertions(+), 24 deletions(-)

diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 37364e09d1..f9d3fd73eb 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -158,6 +158,7 @@
 		<li>[Feature] Add new option to disable avatars board-wide (Bug #46785 - Patch by cYbercOsmOnauT and nickvergessen)</li>
 		<li>[Feature] Enhance obtain_users_online_string to be able to return user-lists for other session-items (Bug #31975 - Patch by nickvergessen)</li>
 		<li>[Feature] Add unapproved topic icon for moderators on forum list (Bug #46865 - Patch by nickvergessen)</li>
+		<li>[Feature] Add confirm-box when deleting permissions (Bug #13673 - Patch by nickvergessen)</li>
 	</ul>
 	<a name="v304"></a><h3>1.ii. Changes since 3.0.4</h3>
 
diff --git a/phpBB/includes/acp/acp_permissions.php b/phpBB/includes/acp/acp_permissions.php
index 1dab6febdd..077a3d7c83 100644
--- a/phpBB/includes/acp/acp_permissions.php
+++ b/phpBB/includes/acp/acp_permissions.php
@@ -217,43 +217,61 @@ class acp_permissions
 			trigger_error($user->lang['WRONG_PERMISSION_TYPE'] . adm_back_link($this->u_action), E_USER_WARNING);
 		}
 
-
 		// Handle actions
 		if (strpos($mode, 'setting_') === 0 && $action)
 		{
 			switch ($action)
 			{
 				case 'delete':
-
-					if (!check_form_key($form_name))
+					if (confirm_box(true))
 					{
-						trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING);
-					}
-					// All users/groups selected?
-					$all_users = (isset($_POST['all_users'])) ? true : false;
-					$all_groups = (isset($_POST['all_groups'])) ? true : false;
+						// All users/groups selected?
+						$all_users = (isset($_POST['all_users'])) ? true : false;
+						$all_groups = (isset($_POST['all_groups'])) ? true : false;
 
-					if ($all_users || $all_groups)
-					{
-						$items = $this->retrieve_defined_user_groups($permission_scope, $forum_id, $permission_type);
-
-						if ($all_users && sizeof($items['user_ids']))
+						if ($all_users || $all_groups)
 						{
-							$user_id = $items['user_ids'];
-						}
-						else if ($all_groups && sizeof($items['group_ids']))
-						{
-							$group_id = $items['group_ids'];
-						}
-					}
+							$items = $this->retrieve_defined_user_groups($permission_scope, $forum_id, $permission_type);
 
-					if (sizeof($user_id) || sizeof($group_id))
-					{
-						$this->remove_permissions($mode, $permission_type, $auth_admin, $user_id, $group_id, $forum_id);
+							if ($all_users && sizeof($items['user_ids']))
+							{
+								$user_id = $items['user_ids'];
+							}
+							else if ($all_groups && sizeof($items['group_ids']))
+							{
+								$group_id = $items['group_ids'];
+							}
+						}
+
+						if (sizeof($user_id) || sizeof($group_id))
+						{
+							$this->remove_permissions($mode, $permission_type, $auth_admin, $user_id, $group_id, $forum_id);
+						}
+						else
+						{
+							trigger_error($user->lang['NO_USER_GROUP_SELECTED'] . adm_back_link($this->u_action), E_USER_WARNING);
+						}
 					}
 					else
 					{
-						trigger_error($user->lang['NO_USER_GROUP_SELECTED'] . adm_back_link($this->u_action), E_USER_WARNING);
+						$s_hidden_fields = array(
+							'i'				=> $id,
+							'mode'			=> $mode,
+							'action'		=> array($action => 1),
+							'user_id'		=> $user_id,
+							'group_id'		=> $group_id,
+							'forum_id'		=> $forum_id,
+							'type'			=> $permission_type,
+						);
+						if (isset($_POST['all_users']))
+						{
+							$s_hidden_fields['all_users'] = 1;
+						}
+						if (isset($_POST['all_groups']))
+						{
+							$s_hidden_fields['all_groups'] = 1;
+						}
+						confirm_box(false, $user->lang['CONFIRM_OPERATION'], build_hidden_fields($s_hidden_fields));
 					}
 				break;