From 676905bff5185034b898a038f82dc2036753d774 Mon Sep 17 00:00:00 2001 From: battye Date: Mon, 14 Jul 2025 14:11:32 +0000 Subject: [PATCH 1/3] [ticket/17157] Search to accomodate f_list_topics permission PHPBB-17157 --- phpBB/search.php | 37 +++++++++++++++++-- .../prosilver/template/search_results.html | 12 +++--- .../prosilver/template/viewforum_body.html | 6 +-- phpBB/viewforum.php | 9 ++++- 4 files changed, 50 insertions(+), 14 deletions(-) diff --git a/phpBB/search.php b/phpBB/search.php index 7ab8e15a1e..3e05204043 100644 --- a/phpBB/search.php +++ b/phpBB/search.php @@ -247,6 +247,32 @@ if ($keywords || $author || $author_id || $search_id || $submit) $ex_fid_ary = array_unique(array_merge(array_keys($auth->acl_getf('!f_read', true)), array_keys($auth->acl_getf('!f_search', true)))); } + // There are two exceptional scenarios we want to consider if there are any forums where an read forum = no, can read topics = yes + // In these cases, the user should see the topic title in the search results but not the link to the topic (or any posts) because + // they don't have the permissions for that. + $show_topic_title_only = false; + + // Firstly, is someone doing a quick search from the viewforum page? If so, force it to be a topic-only search for that one forum + // We know if this is the case due to the presence of this request var + $forum_quick_search = $request->variable('viewforum', 0); + if ($forum_quick_search && $auth->acl_get('f_list_topics', $forum_quick_search) && !$auth->acl_get('f_read', $forum_quick_search)) + { + $show_topic_title_only = true; + } + + // Secondly, is someone doing a topic search from the main search page? If so, we will strip the topic links while still showing the name + else if ($request->variable('sr', '') == 'topics' && $search_fields == 'titleonly') + { + // We will allow the 'can read topics = yes' forums back in to the search + $show_topic_title_only = true; + } + + if ($show_topic_title_only) + { + // Remove from $ex_fid_ary any of the 'can read topics' forums (meaning they will not be excluded from the search) + $ex_fid_ary = array_diff($ex_fid_ary, array_keys($auth->acl_getf('f_list_topics', true))); + } + $not_in_fid = (count($ex_fid_ary)) ? 'WHERE ' . $db->sql_in_set('f.forum_id', $ex_fid_ary, true) . " OR (f.forum_password <> '' AND fa.user_id <> " . (int) $user->data['user_id'] . ')' : ""; $sql = 'SELECT f.forum_id, f.forum_name, f.parent_id, f.forum_type, f.right_id, f.forum_password, f.forum_flags, fa.user_id @@ -349,6 +375,11 @@ if ($keywords || $author || $author_id || $search_id || $submit) $show_results = ($show_results == 'posts') ? 'posts' : 'topics'; } + if ($show_topic_title_only) + { + $show_results = 'topics'; + } + // define some variables needed for retrieving post_id/topic_id information $sort_by_sql = [ 'a' => 'u.username_clean', @@ -1157,10 +1188,10 @@ if ($keywords || $author || $author_id || $search_id || $submit) 'S_TOPIC_DELETED' => $topic_deleted, 'S_HAS_POLL' => ($row['poll_start']) ? true : false, - 'U_LAST_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'p=' . $row['topic_last_post_id']) . '#p' . $row['topic_last_post_id'], + 'U_LAST_POST' => $auth->acl_get('f_read', $forum_id) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'p=' . $row['topic_last_post_id']) . '#p' . $row['topic_last_post_id'] : false, 'U_LAST_POST_AUTHOR' => get_username_string('profile', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), 'U_TOPIC_AUTHOR' => get_username_string('profile', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), - 'U_NEWEST_POST' => append_sid("{$phpbb_root_path}viewtopic.$phpEx", $view_topic_url_params . '&view=unread') . '#unread', + 'U_NEWEST_POST' => $auth->acl_get('f_read', $forum_id) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", $view_topic_url_params . '&view=unread') . '#unread' : false, 'U_MCP_REPORT' => append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=reports&mode=reports&t=' . $result_topic_id, true, $user->session_id), 'U_MCP_QUEUE' => $u_mcp_queue, ); @@ -1230,7 +1261,7 @@ if ($keywords || $author || $author_id || $search_id || $submit) 'TOPIC_REPLIES' => $replies, 'TOPIC_VIEWS' => $row['topic_views'], - 'U_VIEW_TOPIC' => $view_topic_url, + 'U_VIEW_TOPIC' => $auth->acl_get('f_read', $forum_id) ? $view_topic_url : false, 'U_VIEW_FORUM' => append_sid("{$phpbb_root_path}viewforum.$phpEx", 'f=' . $forum_id), 'U_VIEW_POST' => (!empty($row['post_id'])) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'p=' . $row['post_id'] . (($u_hilit) ? '&hilit=' . $u_hilit : '')) . '#p' . $row['post_id'] : '', )); diff --git a/phpBB/styles/prosilver/template/search_results.html b/phpBB/styles/prosilver/template/search_results.html index 01cf17a746..8f664201bb 100644 --- a/phpBB/styles/prosilver/template/search_results.html +++ b/phpBB/styles/prosilver/template/search_results.html @@ -80,15 +80,15 @@
  • style="background-image: url({T_ICONS_PATH}{searchresults.TOPIC_ICON_IMG}); background-repeat: no-repeat;" title="{searchresults.TOPIC_FOLDER_IMG_ALT}"> - + {% if searchresults.U_NEWEST_POST and searchresults.S_UNREAD_TOPIC and not S_IS_BOT %}{% endif %}
    - + {% if searchresults.U_NEWEST_POST and searchresults.S_UNREAD_TOPIC and not S_IS_BOT %} {L_NEW_POST} - - {searchresults.TOPIC_TITLE} + {% endif %} + {% if searchresults.U_VIEW_TOPIC %}{searchresults.TOPIC_TITLE}{% else %}{searchresults.TOPIC_TITLE}{% endif %} {L_TOPIC_UNAPPROVED} @@ -146,11 +146,11 @@
    {searchresults.TOPIC_VIEWS} {L_VIEWS}
    {L_LAST_POST} {L_POST_BY_AUTHOR} {searchresults.LAST_POST_AUTHOR_FULL} - + {% if not S_IS_BOT and searchresults.U_LAST_POST %} {VIEW_LATEST_POST} - + {% endif %}
    diff --git a/phpBB/styles/prosilver/template/viewforum_body.html b/phpBB/styles/prosilver/template/viewforum_body.html index e9d04905bc..c02cc4879a 100644 --- a/phpBB/styles/prosilver/template/viewforum_body.html +++ b/phpBB/styles/prosilver/template/viewforum_body.html @@ -158,14 +158,14 @@
    style="background-image: url('{T_ICONS_PATH}{topicrow.TOPIC_ICON_IMG}'); background-repeat: no-repeat;" title="{topicrow.TOPIC_FOLDER_IMG_ALT}"> - + {% if topicrow.U_NEWEST_POST and topicrow.S_UNREAD_TOPIC and not S_IS_BOT %}{% endif %}
    - + {% if topicrow.U_NEWEST_POST and topicrow.S_UNREAD_TOPIC and not S_IS_BOT %} {NEW_POST} - + {% endif %} {topicrow.TOPIC_TITLE}{topicrow.TOPIC_TITLE} diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php index 300d57d0c7..0191039400 100644 --- a/phpBB/viewforum.php +++ b/phpBB/viewforum.php @@ -384,7 +384,12 @@ $post_alt = ($forum_data['forum_status'] == ITEM_LOCKED) ? $user->lang['FORUM_LO // Display active topics? $s_display_active = ($forum_data['forum_type'] == FORUM_CAT && ($forum_data['forum_flags'] & FORUM_FLAG_ACTIVE_TOPICS)) ? true : false; -$s_search_hidden_fields = array('fid' => array($forum_id)); +// Send the forum id and send a parameter to make it clear it's a quick search +$s_search_hidden_fields = [ + 'fid' => [$forum_id], + 'viewforum' => $forum_id, +]; + if ($_SID) { $s_search_hidden_fields['sid'] = $_SID; @@ -1017,7 +1022,7 @@ if (count($topic_list)) 'S_TOPIC_MOVED' => ($row['topic_status'] == ITEM_MOVED) ? true : false, 'U_NEWEST_POST' => $auth->acl_get('f_read', $forum_id) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", $view_topic_url_params . '&view=unread') . '#unread' : false, - 'U_LAST_POST' => $auth->acl_get('f_read', $forum_id) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'p=' . $row['topic_last_post_id']) . '#p' . $row['topic_last_post_id'] : false, + 'U_LAST_POST' => $auth->acl_get('f_read', $forum_id) ? append_sid("{$phpbb_root_path}viewtopic.$phpEx", 'p=' . $row['topic_last_post_id']) . '#p' . $row['topic_last_post_id'] : false, 'U_LAST_POST_AUTHOR' => get_username_string('profile', $row['topic_last_poster_id'], $row['topic_last_poster_name'], $row['topic_last_poster_colour']), 'U_TOPIC_AUTHOR' => get_username_string('profile', $row['topic_poster'], $row['topic_first_poster_name'], $row['topic_first_poster_colour']), 'U_VIEW_TOPIC' => $view_topic_url, From 078cd300fc32f362b957e03b2aea33059ee61f3e Mon Sep 17 00:00:00 2001 From: battye Date: Thu, 17 Jul 2025 15:45:56 +0000 Subject: [PATCH 2/3] [ticket/17157] Optimise the quick search code PHPBB-17157 --- phpBB/search.php | 32 +++++--------------------------- phpBB/viewforum.php | 10 ++++++++-- 2 files changed, 13 insertions(+), 29 deletions(-) diff --git a/phpBB/search.php b/phpBB/search.php index 3e05204043..59ed6a646b 100644 --- a/phpBB/search.php +++ b/phpBB/search.php @@ -247,29 +247,12 @@ if ($keywords || $author || $author_id || $search_id || $submit) $ex_fid_ary = array_unique(array_merge(array_keys($auth->acl_getf('!f_read', true)), array_keys($auth->acl_getf('!f_search', true)))); } - // There are two exceptional scenarios we want to consider if there are any forums where an read forum = no, can read topics = yes - // In these cases, the user should see the topic title in the search results but not the link to the topic (or any posts) because - // they don't have the permissions for that. - $show_topic_title_only = false; - - // Firstly, is someone doing a quick search from the viewforum page? If so, force it to be a topic-only search for that one forum - // We know if this is the case due to the presence of this request var - $forum_quick_search = $request->variable('viewforum', 0); - if ($forum_quick_search && $auth->acl_get('f_list_topics', $forum_quick_search) && !$auth->acl_get('f_read', $forum_quick_search)) + // Consider if there are any forums where can read forum = no, can read topics = yes + // In these cases, the user should see the topic title in the search results but not the link to the topic (or any posts) because they don't have the permissions + if ($request->variable('sr', '') == 'topics' && $search_fields == 'titleonly') { - $show_topic_title_only = true; - } - - // Secondly, is someone doing a topic search from the main search page? If so, we will strip the topic links while still showing the name - else if ($request->variable('sr', '') == 'topics' && $search_fields == 'titleonly') - { - // We will allow the 'can read topics = yes' forums back in to the search - $show_topic_title_only = true; - } - - if ($show_topic_title_only) - { - // Remove from $ex_fid_ary any of the 'can read topics' forums (meaning they will not be excluded from the search) + // The user could get here from a quick search through the viewforum page, or by doing a main search displayed by topics and searching only the topic titles. + // Allow the 'can read topics = yes' forums back in to the search by removing from $ex_fid_ary any of the 'can read topics' forums $ex_fid_ary = array_diff($ex_fid_ary, array_keys($auth->acl_getf('f_list_topics', true))); } @@ -375,11 +358,6 @@ if ($keywords || $author || $author_id || $search_id || $submit) $show_results = ($show_results == 'posts') ? 'posts' : 'topics'; } - if ($show_topic_title_only) - { - $show_results = 'topics'; - } - // define some variables needed for retrieving post_id/topic_id information $sort_by_sql = [ 'a' => 'u.username_clean', diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php index 0191039400..24bb5a99bb 100644 --- a/phpBB/viewforum.php +++ b/phpBB/viewforum.php @@ -384,12 +384,18 @@ $post_alt = ($forum_data['forum_status'] == ITEM_LOCKED) ? $user->lang['FORUM_LO // Display active topics? $s_display_active = ($forum_data['forum_type'] == FORUM_CAT && ($forum_data['forum_flags'] & FORUM_FLAG_ACTIVE_TOPICS)) ? true : false; -// Send the forum id and send a parameter to make it clear it's a quick search +// Send the forum id... and maybe some other fields, depending on permissions $s_search_hidden_fields = [ 'fid' => [$forum_id], - 'viewforum' => $forum_id, ]; +if ($auth->acl_get('f_list_topics', $forum_id) && !$auth->acl_get('f_read', $forum_id)) +{ + // If the user has list access but not read access, then force the search to only be a topic title search + $s_search_hidden_fields['sr'] = 'topics'; + $s_search_hidden_fields['sf'] = 'titleonly'; +} + if ($_SID) { $s_search_hidden_fields['sid'] = $_SID; From e0e457b03bc4db38436be6fe375b20ce8c3dbef7 Mon Sep 17 00:00:00 2001 From: battye Date: Fri, 18 Jul 2025 06:35:52 +0000 Subject: [PATCH 3/3] [ticket/17157] Whitespace and minor edits PHPBB-17157 --- phpBB/search.php | 2 +- phpBB/styles/prosilver/template/search_results.html | 4 ++-- phpBB/styles/prosilver/template/viewforum_body.html | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/phpBB/search.php b/phpBB/search.php index 59ed6a646b..e136096b60 100644 --- a/phpBB/search.php +++ b/phpBB/search.php @@ -247,7 +247,7 @@ if ($keywords || $author || $author_id || $search_id || $submit) $ex_fid_ary = array_unique(array_merge(array_keys($auth->acl_getf('!f_read', true)), array_keys($auth->acl_getf('!f_search', true)))); } - // Consider if there are any forums where can read forum = no, can read topics = yes + // Consider if there are any forums where can read forum = no, can read topics = yes // In these cases, the user should see the topic title in the search results but not the link to the topic (or any posts) because they don't have the permissions if ($request->variable('sr', '') == 'topics' && $search_fields == 'titleonly') { diff --git a/phpBB/styles/prosilver/template/search_results.html b/phpBB/styles/prosilver/template/search_results.html index 8f664201bb..4c4c6aaa1c 100644 --- a/phpBB/styles/prosilver/template/search_results.html +++ b/phpBB/styles/prosilver/template/search_results.html @@ -80,7 +80,7 @@
  • style="background-image: url({T_ICONS_PATH}{searchresults.TOPIC_ICON_IMG}); background-repeat: no-repeat;" title="{searchresults.TOPIC_FOLDER_IMG_ALT}"> - {% if searchresults.U_NEWEST_POST and searchresults.S_UNREAD_TOPIC and not S_IS_BOT %}{% endif %} + {% if searchresults.U_NEWEST_POST and searchresults.S_UNREAD_TOPIC and not S_IS_BOT %}{% endif %}
    {% if searchresults.U_NEWEST_POST and searchresults.S_UNREAD_TOPIC and not S_IS_BOT %} @@ -88,7 +88,7 @@ {L_NEW_POST} {% endif %} - {% if searchresults.U_VIEW_TOPIC %}{searchresults.TOPIC_TITLE}{% else %}{searchresults.TOPIC_TITLE}{% endif %} + {% if searchresults.U_VIEW_TOPIC %}{{ searchresults.TOPIC_TITLE }}{% else %}{{ searchresults.TOPIC_TITLE }}{% endif %} {L_TOPIC_UNAPPROVED} diff --git a/phpBB/styles/prosilver/template/viewforum_body.html b/phpBB/styles/prosilver/template/viewforum_body.html index c02cc4879a..49aad65572 100644 --- a/phpBB/styles/prosilver/template/viewforum_body.html +++ b/phpBB/styles/prosilver/template/viewforum_body.html @@ -158,7 +158,7 @@
    style="background-image: url('{T_ICONS_PATH}{topicrow.TOPIC_ICON_IMG}'); background-repeat: no-repeat;" title="{topicrow.TOPIC_FOLDER_IMG_ALT}"> - {% if topicrow.U_NEWEST_POST and topicrow.S_UNREAD_TOPIC and not S_IS_BOT %}{% endif %} + {% if topicrow.U_NEWEST_POST and topicrow.S_UNREAD_TOPIC and not S_IS_BOT %}{% endif %}
    {% if topicrow.U_NEWEST_POST and topicrow.S_UNREAD_TOPIC and not S_IS_BOT %}