diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 6d1f0759cc..b7490eabb1 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -143,6 +143,7 @@
[Fix] Do not error out if php_uname function disabled / Authenticating on SMTP Server (Bug #22235 - patch by HoL)
[Fix] Correctly obtain to be ignored users within topic/forum notification (Bug #21795 - patch provided by dr.death)
[Fix] Correctly update board statistics for attaching orphaned files to existing posts (Bug #20185)
+ [Sec] Only allow searching by email address in memberlist for users having the a_user permission (reported by evil<3)
diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php
index 18a8c9b77c..a4c6b18f8f 100644
--- a/phpBB/memberlist.php
+++ b/phpBB/memberlist.php
@@ -880,20 +880,22 @@ switch ($mode)
$template_html = 'memberlist_body.html';
// Sorting
- $sort_key_text = array('a' => $user->lang['SORT_USERNAME'], 'b' => $user->lang['SORT_LOCATION'], 'c' => $user->lang['SORT_JOINED'], 'd' => $user->lang['SORT_POST_COUNT'], 'e' => $user->lang['SORT_EMAIL'], 'f' => $user->lang['WEBSITE'], 'g' => $user->lang['ICQ'], 'h' => $user->lang['AIM'], 'i' => $user->lang['MSNM'], 'j' => $user->lang['YIM'], 'k' => $user->lang['JABBER']);
+ $sort_key_text = array('a' => $user->lang['SORT_USERNAME'], 'b' => $user->lang['SORT_LOCATION'], 'c' => $user->lang['SORT_JOINED'], 'd' => $user->lang['SORT_POST_COUNT'], 'f' => $user->lang['WEBSITE'], 'g' => $user->lang['ICQ'], 'h' => $user->lang['AIM'], 'i' => $user->lang['MSNM'], 'j' => $user->lang['YIM'], 'k' => $user->lang['JABBER']);
+ $sort_key_sql = array('a' => 'u.username_clean', 'b' => 'u.user_from', 'c' => 'u.user_regdate', 'd' => 'u.user_posts', 'f' => 'u.user_website', 'g' => 'u.user_icq', 'h' => 'u.user_aim', 'i' => 'u.user_msnm', 'j' => 'u.user_yim', 'k' => 'u.user_jabber');
+
+ if ($auth->acl_get('a_user'))
+ {
+ $sort_key_text['e'] = $user->lang['SORT_EMAIL'];
+ $sort_key_sql['e'] = 'u.user_email';
+ }
if ($auth->acl_get('u_viewonline'))
{
$sort_key_text['l'] = $user->lang['SORT_LAST_ACTIVE'];
- }
- $sort_key_text['m'] = $user->lang['SORT_RANK'];
-
- $sort_key_sql = array('a' => 'u.username_clean', 'b' => 'u.user_from', 'c' => 'u.user_regdate', 'd' => 'u.user_posts', 'e' => 'u.user_email', 'f' => 'u.user_website', 'g' => 'u.user_icq', 'h' => 'u.user_aim', 'i' => 'u.user_msnm', 'j' => 'u.user_yim', 'k' => 'u.user_jabber');
-
- if ($auth->acl_get('u_viewonline'))
- {
$sort_key_sql['l'] = 'u.user_lastvisit';
}
+
+ $sort_key_text['m'] = $user->lang['SORT_RANK'];
$sort_key_sql['m'] = 'u.user_rank DESC, u.user_posts';
$sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);
@@ -969,7 +971,7 @@ switch ($mode)
}
$sql_where .= ($username) ? ' AND u.username_clean ' . $db->sql_like_expression(str_replace('*', $db->any_char, utf8_clean_string($username))) : '';
- $sql_where .= ($email) ? ' AND u.user_email ' . $db->sql_like_expression(str_replace('*', $db->any_char, $email)) . ' ' : '';
+ $sql_where .= ($auth->acl_get('a_user') && $email) ? ' AND u.user_email ' . $db->sql_like_expression(str_replace('*', $db->any_char, $email)) . ' ' : '';
$sql_where .= ($icq) ? ' AND u.user_icq ' . $db->sql_like_expression(str_replace('*', $db->any_char, $icq)) . ' ' : '';
$sql_where .= ($aim) ? ' AND u.user_aim ' . $db->sql_like_expression(str_replace('*', $db->any_char, $aim)) . ' ' : '';
$sql_where .= ($yahoo) ? ' AND u.user_yim ' . $db->sql_like_expression(str_replace('*', $db->any_char, $yahoo)) . ' ' : '';
@@ -1286,6 +1288,7 @@ switch ($mode)
'IP' => $ipdomain,
'S_IP_SEARCH_ALLOWED' => ($auth->acl_getf_global('m_info')) ? true : false,
+ 'S_EMAIL_SEARCH_ALLOWED'=> ($auth->acl_get('a_user')) ? true : false,
'S_IN_SEARCH_POPUP' => ($form && $field) ? true : false,
'S_SEARCH_USER' => true,
'S_FORM_NAME' => $form,
@@ -1485,9 +1488,9 @@ function show_profile($data)
$rank_title = $rank_img = $rank_img_src = '';
get_user_rank($data['user_rank'], $data['user_posts'], $rank_title, $rank_img, $rank_img_src);
- if (!empty($data['user_allow_viewemail']) || $auth->acl_get('a_email'))
+ if (!empty($data['user_allow_viewemail']) || $auth->acl_get('a_user'))
{
- $email = ($config['board_email_form'] && $config['email_enable']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=email&u=' . $user_id) : (($config['board_hide_emails'] && !$auth->acl_get('a_email')) ? '' : 'mailto:' . $data['user_email']);
+ $email = ($config['board_email_form'] && $config['email_enable']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=email&u=' . $user_id) : (($config['board_hide_emails'] && !$auth->acl_get('a_user')) ? '' : 'mailto:' . $data['user_email']);
}
else
{
diff --git a/phpBB/styles/prosilver/template/memberlist_search.html b/phpBB/styles/prosilver/template/memberlist_search.html
index 1d1d45bf8e..65c4707944 100644
--- a/phpBB/styles/prosilver/template/memberlist_search.html
+++ b/phpBB/styles/prosilver/template/memberlist_search.html
@@ -53,10 +53,12 @@ function insert_single(user)
+
+
diff --git a/phpBB/styles/subsilver2/template/memberlist_search.html b/phpBB/styles/subsilver2/template/memberlist_search.html
index fff71a90d6..96ffad00d6 100644
--- a/phpBB/styles/subsilver2/template/memberlist_search.html
+++ b/phpBB/styles/subsilver2/template/memberlist_search.html
@@ -84,8 +84,12 @@
|
+
| {L_EMAIL}: |
|
+
+ |
+
{L_AIM}: |
|