makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 14:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

require link hash for switchperm

Browse source 
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9915 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Henry Sudhof 2009-08-03 13:32:52 +00:00
parent c748d865b2
commit d376811e7f
2 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
phpBB/memberlist.php
View file

@ -580,7 +580,7 @@ switch ($mode)
'U_USER_BAN' => ($auth->acl_get('m_ban') && $user_id != $user->data['user_id']) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=ban&mode=user&u=' . $user_id, true, $user->session_id) : '',
'U_MCP_QUEUE' => ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue', true, $user->session_id) : '',
'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_id) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_id}") : '',
'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_id) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_id}&hash=" . generate_link_hash('switchperm')) : '',
'S_USER_NOTES' => ($user_notes_enabled) ? true : false,
'S_WARN_USER' => ($warn_user_enabled) ? true : false,

2
phpBB/ucp.php
View file

@ -186,7 +186,7 @@ switch ($mode)
$user_row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
if (!$auth->acl_get('a_switchperm') || !$user_row || $user_id == $user->data['user_id'])
if (!$auth->acl_get('a_switchperm') || !$user_row || $user_id == $user->data['user_id'] || !check_link_hash(request_var('hash', ''), 'switchperm'))
{
redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
}