From 9c5a3cca8995b4d1704c3cd57756a8434d4887af Mon Sep 17 00:00:00 2001 From: Chris Smith Date: Tue, 23 Sep 2008 18:04:52 +0000 Subject: [PATCH] Stop users from deleting posts after the edit time has passed or they have been locked. #19115 git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8924 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/docs/CHANGELOG.html | 1 + phpBB/posting.php | 6 +++--- phpBB/viewtopic.php | 3 ++- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index 8d822a4194..2b9929d498 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -121,6 +121,7 @@
  • [Fix] Correctly delete message attachments. (Bug #23755)
  • [Fix] Support (and retain) tabs in code blocks. (Bug #25445)
  • [Fix] Correctly handle unread status of subforums (that are not shown on the index) of forums that are shown on the index. (Bug #14589)
    • +
  • [Fix] Stop users from deleting posts after the edit time has passed or they have been locked. (Bug #19115)
  • [Change] No longer allow the direct use of MULTI_INSERT in sql_build_array. sql_multi_insert() must be used.
  • [Change] Display warning in ACP if config.php file is left writable.
    • diff --git a/phpBB/posting.php b/phpBB/posting.php index dbad69cf52..88f31bbe0a 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php @@ -1302,7 +1302,7 @@ $template->assign_vars(array( 'S_EDIT_REASON' => ($mode == 'edit' && $auth->acl_get('m_edit', $forum_id)) ? true : false, 'S_DISPLAY_USERNAME' => (!$user->data['is_registered'] || ($mode == 'edit' && $post_data['poster_id'] == ANONYMOUS)) ? true : false, 'S_SHOW_TOPIC_ICONS' => $s_topic_icons, - 'S_DELETE_ALLOWED' => ($mode == 'edit' && (($post_id == $post_data['topic_last_post_id'] && $post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id)) || $auth->acl_get('m_delete', $forum_id))) ? true : false, + 'S_DELETE_ALLOWED' => ($mode == 'edit' && (($post_id == $post_data['topic_last_post_id'] && $post_data['poster_id'] == $user->data['user_id'] && $auth->acl_get('f_delete', $forum_id) && !$post_data['post_edit_locked'] && ($post_data['post_time'] > time() - ($config['edit_time'] * 60) || !$config['edit_time'])) || $auth->acl_get('m_delete', $forum_id))) ? true : false, 'S_BBCODE_ALLOWED' => $bbcode_status, 'S_BBCODE_CHECKED' => ($bbcode_checked) ? ' checked="checked"' : '', 'S_SMILIES_ALLOWED' => $smilies_status, @@ -1411,11 +1411,11 @@ function upload_popup($forum_style = 0) */ function handle_post_delete($forum_id, $topic_id, $post_id, &$post_data) { - global $user, $db, $auth; + global $user, $db, $auth, $config; global $phpbb_root_path, $phpEx; // If moderator removing post or user itself removing post, present a confirmation screen - if ($auth->acl_get('m_delete', $forum_id) || ($post_data['poster_id'] == $user->data['user_id'] && $user->data['is_registered'] && $auth->acl_get('f_delete', $forum_id) && $post_id == $post_data['topic_last_post_id'])) + if ($auth->acl_get('m_delete', $forum_id) || ($post_data['poster_id'] == $user->data['user_id'] && $user->data['is_registered'] && $auth->acl_get('f_delete', $forum_id) && $post_id == $post_data['topic_last_post_id'] && !$post_data['post_edit_locked'] && ($post_data['post_time'] > time() - ($config['edit_time'] * 60) || !$config['edit_time']))) { $s_hidden_fields = build_hidden_fields(array( 'p' => $post_id, diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index 17e29fe60f..a0771d38c0 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php @@ -980,6 +980,7 @@ while ($row = $db->sql_fetchrow($result)) 'post_edit_time' => $row['post_edit_time'], 'post_edit_reason' => $row['post_edit_reason'], 'post_edit_user' => $row['post_edit_user'], + 'post_edit_locked' => $row['post_edit_locked'], // Make sure the icon actually exists 'icon_id' => (isset($icons[$row['icon_id']]['img'], $icons[$row['icon_id']]['height'], $icons[$row['icon_id']]['width'])) ? $row['icon_id'] : 0, @@ -1439,7 +1440,7 @@ for ($i = 0, $end = sizeof($post_list); $i < $end; ++$i) 'U_EDIT' => (!$user->data['is_registered']) ? '' : ((($user->data['user_id'] == $poster_id && $auth->acl_get('f_edit', $forum_id) && ($row['post_time'] > time() - ($config['edit_time'] * 60) || !$config['edit_time'])) || $auth->acl_get('m_edit', $forum_id)) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=edit&f=$forum_id&p={$row['post_id']}") : ''), 'U_QUOTE' => ($auth->acl_get('f_reply', $forum_id)) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=quote&f=$forum_id&p={$row['post_id']}") : '', 'U_INFO' => ($auth->acl_get('m_info', $forum_id)) ? append_sid("{$phpbb_root_path}mcp.$phpEx", "i=main&mode=post_details&f=$forum_id&p=" . $row['post_id'], true, $user->session_id) : '', - 'U_DELETE' => (!$user->data['is_registered']) ? '' : ((($user->data['user_id'] == $poster_id && $auth->acl_get('f_delete', $forum_id) && $topic_data['topic_last_post_id'] == $row['post_id'] && ($row['post_time'] > time() - ($config['edit_time'] * 60) || !$config['edit_time'])) || $auth->acl_get('m_delete', $forum_id)) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=delete&f=$forum_id&p={$row['post_id']}") : ''), + 'U_DELETE' => (!$user->data['is_registered']) ? '' : ((($user->data['user_id'] == $poster_id && $auth->acl_get('f_delete', $forum_id) && $topic_data['topic_last_post_id'] == $row['post_id'] && !$row['post_edit_locked'] && ($row['post_time'] > time() - ($config['edit_time'] * 60) || !$config['edit_time'])) || $auth->acl_get('m_delete', $forum_id)) ? append_sid("{$phpbb_root_path}posting.$phpEx", "mode=delete&f=$forum_id&p={$row['post_id']}") : ''), 'U_PROFILE' => $user_cache[$poster_id]['profile'], 'U_SEARCH' => $user_cache[$poster_id]['search'],