Moderators can only see reports/queue/logs from forums they can actually read. #31085

git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9015 89ea8834-ac86-4346-8a33-228a782c2dd0
Chris Smith 2008-10-14 18:29:50 +00:00
parent 02dd8c52c2
commit bc2f055ccd
6 changed files with 31 additions and 8 deletions


@ -146,6 +146,7 @@
<li>[Fix] Disable mass e-mail when e-mail is disabled. (Bug #27385)</li> <li>[Fix] Disable mass e-mail when e-mail is disabled. (Bug #27385)</li>
<li>[Fix] Display coloured poster username of queued posts displayed on the front of the MCP.</li> <li>[Fix] Display coloured poster username of queued posts displayed on the front of the MCP.</li>
<li>[Fix] Forum last post information is now correctly updated when a topic/post is disapproved due to editing. (Bug #24475)</li> <li>[Fix] Forum last post information is now correctly updated when a topic/post is disapproved due to editing. (Bug #24475)</li>
<li>[Fix] Moderators can only see reports/queue/logs from forums they can actually read. (Bug #31085)</li>
<li>[Change] No longer allow the direct use of MULTI_INSERT in sql_build_array. sql_multi_insert() must be used.</li> <li>[Change] No longer allow the direct use of MULTI_INSERT in sql_build_array. sql_multi_insert() must be used.</li>
<li>[Change] Display warning in ACP if config.php file is left writable.</li> <li>[Change] Display warning in ACP if config.php file is left writable.</li>


@ -27,7 +27,7 @@ function mcp_front_view($id, $mode, $action)
// Latest 5 unapproved // Latest 5 unapproved
if ($module->loaded('queue')) if ($module->loaded('queue'))
{ {
$forum_list = get_forum_list('m_approve'); $forum_list = array_intersect(get_forum_list('f_read'), get_forum_list('m_approve'));
$post_list = array(); $post_list = array();
$forum_names = array(); $forum_names = array();
@ -143,7 +143,7 @@ function mcp_front_view($id, $mode, $action)
// Latest 5 reported // Latest 5 reported
if ($module->loaded('reports')) if ($module->loaded('reports'))
{ {
$forum_list = get_forum_list('m_report'); $forum_list = array_intersect(get_forum_list('f_read'), get_forum_list('m_report'));
$template->assign_var('S_SHOW_REPORTS', (!empty($forum_list)) ? true : false); $template->assign_var('S_SHOW_REPORTS', (!empty($forum_list)) ? true : false);
@ -246,7 +246,7 @@ function mcp_front_view($id, $mode, $action)
// Latest 5 logs // Latest 5 logs
if ($module->loaded('logs')) if ($module->loaded('logs'))
{ {
$forum_list = get_forum_list('m_'); $forum_list = array_intersect(get_forum_list('f_read'), get_forum_list('m_'));
if (!empty($forum_list)) if (!empty($forum_list))
{ {
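Review bot: The expression `array_intersect(get_forum_list('f_read'), get_forum_list('m_approve'))` is written out by hand at each of the three call sites in mcp_front_view (queue, reports, logs), and the same pattern recurs in the mcp_logs and mcp_sorting sections of this commit. Because the read check is an authorization rule, it would be safer behind a single helper that takes the moderator permission name and returns the intersected ID list, so that a future MCP view cannot call `get_forum_list('m_…')` alone by mistake. A comment on that helper such as `// Moderator permissions do not imply f_read; never list forums the user cannot read` would record the reason. mcp_front_view starts and ends outside these hunks.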


@ -63,7 +63,7 @@ class mcp_logs
$this->tpl_name = 'mcp_logs'; $this->tpl_name = 'mcp_logs';
$this->page_title = 'MCP_LOGS'; $this->page_title = 'MCP_LOGS';
$forum_list = get_forum_list('m_'); $forum_list = array_intersect(get_forum_list('f_read'), get_forum_list('m_'));
$forum_list[] = 0; $forum_list[] = 0;
$forum_id = $topic_id = 0; $forum_id = $topic_id = 0;
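Review bot: `$forum_list[] = 0;` runs after the new read filter, so forum ID 0 stays in the allowed list whatever the user's `f_read` permissions are. That is presumably intended for log entries that are not tied to a forum, but the line carries no comment, and it is the one place in this commit where an ID is exempt from the intersect. I would add `// 0 = entries without a forum; deliberately exempt from the f_read filter` above it, once that intent is confirmed. The enclosing method continues outside the hunk, so how a requested `$forum_id` is checked against `$forum_list` is not visible here.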


@ -242,6 +242,17 @@ class mcp_queue
} }
$forum_list_approve = get_forum_list('m_approve', false, true); $forum_list_approve = get_forum_list('m_approve', false, true);
$forum_list_read = array_flip(get_forum_list('f_read', true, true)); // Flipped so we can isset() the forum IDs
// Remove forums we cannot read
foreach ($forum_list_approve as $k => $forum_data)
{
if (!isset($forum_list_read[$forum_data['forum_id']]))
{
unset($forum_list_approve[$k]);
}
}
unset($forum_list_read);
if (!$forum_id) if (!$forum_id)
{ {
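Review bot: After the new loop, `$forum_list_approve` can be empty for exactly the user this fix targets, a moderator whose `m_approve` forums are all unreadable, and nothing in the hunk handles that case. The code after `if (!$forum_id)` lies outside the hunk, so it should be confirmed that an empty list is not passed on to a query or rendered as an empty forum selector; an explicit `if (empty($forum_list_approve))` guard right after `unset($forum_list_read);` would make the outcome deliberate. The same applies to `$forum_list_reports` in the mcp_reports section. It also applies to the two-argument `$db->sql_in_set('forum_id', …)` calls in mcp_sorting that now receive an `array_intersect()` result, where the four-argument call on the `!m_report` line suggests empty sets have to be allowed explicitly.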


@ -246,6 +246,17 @@ class mcp_reports
$forum_info = array(); $forum_info = array();
$forum_list_reports = get_forum_list('m_report', false, true); $forum_list_reports = get_forum_list('m_report', false, true);
$forum_list_read = array_flip(get_forum_list('f_read', true, true)); // Flipped so we can isset() the forum IDs
// Remove forums we cannot read
foreach ($forum_list_reports as $k => $forum_data)
{
if (!isset($forum_list_read[$forum_data['forum_id']]))
{
unset($forum_list_reports[$k]);
}
}
unset($forum_list_read);
if ($topic_id && $forum_id) if ($topic_id && $forum_id)
{ {


@ -612,7 +612,7 @@ function mcp_sorting($mode, &$sort_days, &$sort_key, &$sort_dir, &$sort_by_sql,
$sql = 'SELECT COUNT(post_id) AS total $sql = 'SELECT COUNT(post_id) AS total
FROM ' . POSTS_TABLE . " FROM ' . POSTS_TABLE . "
$where_sql " . $db->sql_in_set('forum_id', ($forum_id) ? array($forum_id) : get_forum_list('m_approve')) . ' $where_sql " . $db->sql_in_set('forum_id', ($forum_id) ? array($forum_id) : array_intersect(get_forum_list('f_read'), get_forum_list('m_approve'))) . '
AND post_approved = 0'; AND post_approved = 0';
if ($min_time) if ($min_time)
@ -628,7 +628,7 @@ function mcp_sorting($mode, &$sort_days, &$sort_key, &$sort_dir, &$sort_by_sql,
$sql = 'SELECT COUNT(topic_id) AS total $sql = 'SELECT COUNT(topic_id) AS total
FROM ' . TOPICS_TABLE . " FROM ' . TOPICS_TABLE . "
$where_sql " . $db->sql_in_set('forum_id', ($forum_id) ? array($forum_id) : get_forum_list('m_approve')) . ' $where_sql " . $db->sql_in_set('forum_id', ($forum_id) ? array($forum_id) : array_intersect(get_forum_list('f_read'), get_forum_list('m_approve'))) . '
AND topic_approved = 0'; AND topic_approved = 0';
if ($min_time) if ($min_time)
@ -654,7 +654,7 @@ function mcp_sorting($mode, &$sort_days, &$sort_key, &$sort_dir, &$sort_by_sql,
} }
else else
{ {
$where_sql .= ' ' . $db->sql_in_set('p.forum_id', get_forum_list('!m_report'), true, true); $where_sql .= ' ' . $db->sql_in_set('p.forum_id', get_forum_list(array('!f_read', '!m_report')), true, true);
} }
if ($mode == 'reports') if ($mode == 'reports')
@ -680,7 +680,7 @@ function mcp_sorting($mode, &$sort_days, &$sort_key, &$sort_dir, &$sort_by_sql,
$sql = 'SELECT COUNT(log_id) AS total $sql = 'SELECT COUNT(log_id) AS total
FROM ' . LOG_TABLE . " FROM ' . LOG_TABLE . "
$where_sql " . $db->sql_in_set('forum_id', ($forum_id) ? array($forum_id) : get_forum_list('m_')) . ' $where_sql " . $db->sql_in_set('forum_id', ($forum_id) ? array($forum_id) : array_intersect(get_forum_list('f_read'), get_forum_list('m_'))) . '
AND log_time >= ' . $min_time . ' AND log_time >= ' . $min_time . '
AND log_type = ' . LOG_MOD; AND log_type = ' . LOG_MOD;
break; break;
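Review bot: In the three count queries the read filter sits only in the else arm of `($forum_id) ? array($forum_id) : array_intersect(…)`, so a non-zero `$forum_id` is used as-is, with no `f_read` test in this function. If the callers do not already verify read access for the requested forum, totals for an unreadable forum would still be counted; mcp_sorting's callers are outside these hunks, so this needs confirming. One option is to filter both arms, e.g. `array_intersect(($forum_id) ? array($forum_id) : get_forum_list('m_approve'), get_forum_list('f_read'))`, with the empty result handled before it reaches `sql_in_set`. Separately, `get_forum_list(array('!f_read', '!m_report'))` appears to rely on the array being evaluated as any-of, so that the negated set leaves only forums that are both readable and reportable; a one-line comment saying so would help the next reader.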