[feature/soft-delete] Fix permission check in viewtopic.php

PHPBB3-9567
Joas Schilling 2012-10-15 13:17:05 +02:00
parent 4bf922fa03
commit a58a76ef5f


@ -248,6 +248,13 @@ if (!$topic_data)
}
$forum_id = (int) $topic_data['forum_id'];
// Now we know the forum_id and can check the permissions
if ($topic_data['topic_visibility'] != ITEM_APPROVED && !$auth->acl_get('m_approve', $forum_id))
{
trigger_error('NO_TOPIC');
}
// This is for determining where we are (page)
if ($post_id)
{
@ -320,17 +327,6 @@ if (($topic_data['topic_type'] == POST_STICKY || $topic_data['topic_type'] == PO
// Setup look and feel
$user->setup('viewtopic', $topic_data['forum_style']);
/* the topic "does not exist":
* if the topic is unapproved and the user cannot approve it
* if the topic is deleted and the user cannot restore it
* NB: restoring a topic has two cases: moderator restore and poster restore.
*/
if (($topic_data['topic_visibility'] == ITEM_UNAPPROVED && !$auth->acl_get('m_approve', $forum_id))
|| ($topic_data['topic_visibility'] == ITEM_DELETED && (!$auth->acl_get('m_restore', $forum_id) || ($user->data['user_id'] == $topic_data['topic_poster'] && $auth->acl_get('f_restore', $forum_id)))))
{
trigger_error('NO_TOPIC');
}
// Start auth check
if (!$auth->acl_get('f_read', $forum_id))
{
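Review bot: The check added in the first hunk, `if ($topic_data['topic_visibility'] != ITEM_APPROVED && !$auth->acl_get('m_approve', $forum_id))`, gates every non-approved state on `m_approve` alone, whereas the condition removed in the second hunk consulted `m_restore` and `f_restore` for `ITEM_DELETED`. If that is the intended model, the one-line comment above the check should say so, for example `// Unapproved and soft-deleted topics are visible only with m_approve; everyone else gets NO_TOPIC, exactly as for a missing topic`. If a moderator holding `m_approve` but not `m_restore` is not meant to read soft-deleted topics, the deleted state needs its own permission test here, because nothing visible later in the section re-checks it. The script continues outside both hunks, so any later visibility filtering cannot be confirmed from this page.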