diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 8d822a4194..2b9929d498 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -121,6 +121,7 @@
[Fix] Correctly delete message attachments. (Bug #23755)
[Fix] Support (and retain) tabs in code blocks. (Bug #25445)
[Fix] Correctly handle unread status of subforums (that are not shown on the index) of forums that are shown on the index. (Bug #14589)
+ [Fix] Stop users from deleting posts after the edit time has passed or they have been locked. (Bug #19115)
[Change] No longer allow the direct use of MULTI_INSERT in sql_build_array. sql_multi_insert() must be used.
[Change] Display warning in ACP if config.php file is left writable.
diff --git a/phpBB/posting.php b/phpBB/posting.php
index dbad69cf52..88f31bbe0a 100644
--- a/phpBB/posting.php
+++ b/phpBB/posting.php
@@ -1302,7 +1302,7 @@ $template->assign_vars(array(
'S_EDIT_REASON' => ($mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? true : false,
'S_DISPLAY_USERNAME' => (!$user->data['is_registered'] || ($mode == 'edit' && $post_data['poster_id'] == ANONYMOUS)) ? true : false,
'S_SHOW_TOPIC_ICONS' => $s_topic_icons,
- 'S_DELETE_ALLOWED' => ($mode == 'edit' && (($post_id == $post_data['topic_last_post_id'] && $post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id)) || $auth->acl_get('m_delete', $forum_id))) ? true : false,
+ 'S_DELETE_ALLOWED' => ($mode == 'edit' && (($post_id == $post_data['topic_last_post_id'] && $post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id) && !$post_data['post_edit_locked'] && ($post_data['post_time'] > time() - ($config['edit_time'] * 60) || !$config['edit_time'])) || $auth->acl_get('m_delete', $forum_id))) ? true : false,
'S_BBCODE_ALLOWED' => $bbcode_status,
'S_BBCODE_CHECKED' => ($bbcode_checked) ? ' checked="checked"' : '',
'S_SMILIES_ALLOWED' => $smilies_status,
@@ -1411,11 +1411,11 @@ function upload_popup($forum_style = 0)
*/
function handle_post_delete($forum_id, $topic_id, $post_id, &$post_data)
{
- global $user, $db, $auth;
+ global $user, $db, $auth, $config;
global $phpbb_root_path, $phpEx;
// If moderator removing post or user itself removing post, present a confirmation screen
- if ($auth->acl_get('m_delete', $forum_id) || ($post_data['poster_id'] == $user->data['user_id'] && $user->data['is_registered'] && $auth->acl_get('f_delete', $forum_id) && $post_id == $post_data['topic_last_post_id']))
+ if ($auth->acl_get('m_delete', $forum_id) || ($post_data['poster_id'] == $user->data['user_id'] && $user->data['is_registered'] && $auth->acl_get('f_delete', $forum_id) && $post_id == $post_data['topic_last_post_id'] && !$post_data['post_edit_locked'] && ($post_data['post_time'] > time() - ($config['edit_time'] * 60) || !$config['edit_time'])))
{
$s_hidden_fields = build_hidden_fields(array(
'p' => $post_id,
diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php
index 17e29fe60f..a0771d38c0 100644
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@@ -980,6 +980,7 @@ while ($row = $db->sql_fetchrow($result))
'post_edit_time' => $row['post_edit_time'],
'post_edit_reason' => $row['post_edit_reason'],
'post_edit_user' => $row['post_edit_user'],
+ 'post_edit_locked' => $row['post_edit_locked'],
// Make sure the icon actually exists
'icon_id' => (isset($icons[$row['icon_id']]['img'], $icons[$row['icon_id']]['height'], $icons[$row['icon_id']]['width'])) ? $row['icon_id'] : 0,
@@ -1439,7 +1440,7 @@ for ($i = 0, $end = sizeof($post_list); $i < $end; ++$i)
'U_EDIT' => (!$user->data['is_registered']) ? '' : ((($user->data['user_id'] == $poster_id && $auth->acl_get('f_edit', $forum_id) && ($row['post_time'] > time() - ($config['edit_time'] * 60) || !$config['edit_time'])) || $auth->acl_get('m_edit', $forum_id)) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=edit&f=$forum_id&p={$row['post_id']}") : ''),
'U_QUOTE' => ($auth->acl_get('f_reply', $forum_id)) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=quote&f=$forum_id&p={$row['post_id']}") : '',
'U_INFO' => ($auth->acl_get('m_info', $forum_id)) ? append_sid("{$phpbb_root_path}mcp.$phpEx", "i=main&mode=post_details&f=$forum_id&p=" . $row['post_id'], true, $user->session_id) : '',
- 'U_DELETE' => (!$user->data['is_registered']) ? '' : ((($user->data['user_id'] == $poster_id && $auth->acl_get('f_delete', $forum_id) && $topic_data['topic_last_post_id'] == $row['post_id'] && ($row['post_time'] > time() - ($config['edit_time'] * 60) || !$config['edit_time'])) || $auth->acl_get('m_delete', $forum_id)) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=delete&f=$forum_id&p={$row['post_id']}") : ''),
+ 'U_DELETE' => (!$user->data['is_registered']) ? '' : ((($user->data['user_id'] == $poster_id && $auth->acl_get('f_delete', $forum_id) && $topic_data['topic_last_post_id'] == $row['post_id'] && !$row['post_edit_locked'] && ($row['post_time'] > time() - ($config['edit_time'] * 60) || !$config['edit_time'])) || $auth->acl_get('m_delete', $forum_id)) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=delete&f=$forum_id&p={$row['post_id']}") : ''),
'U_PROFILE' => $user_cache[$poster_id]['profile'],
'U_SEARCH' => $user_cache[$poster_id]['search'],