makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-26 03:48:53 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix ACL_UNSET problem ... was causing users to be granted permission even when denied

Browse source 
git-svn-id: file:///svn/phpbb/trunk@3877 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2003-04-17 21:43:39 +00:00
parent e28707b3c2
commit e93d9d23f2
1 changed files with 21 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
phpBB/includes/functions_admin.php
View file

@ -1653,42 +1653,44 @@ if (class_exists(auth))
$table = ($ug_type == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE; $table = ($ug_type == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE;
$id_field = $ug_type . '_id'; $id_field = $ug_type . '_id';
$sql_ary = array();
foreach ($forum_id as $forum) foreach ($forum_id as $forum)
{ {
foreach ($auth as $auth_option => $setting) foreach ($auth as $auth_option => $setting)
{ {
$auth_option_id = $option_ids[$auth_option]; $auth_option_id = $option_ids[$auth_option];
if (!empty($cur_auth[$forum])) switch ($setting)
{
if ($setting == ACL_UNSET && isset($cur_auth[$forum][$auth_option_id]))
{ {
case ACL_UNSET:
$sql_ary[] = "DELETE FROM $table $sql_ary[] = "DELETE FROM $table
WHERE forum_id = $forum WHERE forum_id = $forum
AND auth_option_id = $auth_option_id AND auth_option_id = $auth_option_id
AND $id_field = $ug_id"; AND $id_field = $ug_id";
} break;
else
default:
if (isset($cur_auth[$forum][$auth_option_id]) && $cur_auth[$forum][$auth_option_id] != $setting)
{ {
$sql_ary[] = (!isset($cur_auth[$forum][$auth_option_id])) ? "INSERT INTO $table ($id_field, forum_id, auth_option_id, auth_setting) VALUES ($ug_id, $forum, $auth_option_id, $setting)" : (($cur_auth[$forum][$auth_option_id] != $setting) ? "UPDATE " . $table . " SET auth_setting = $setting WHERE $id_field = $ug_id AND forum_id = $forum AND auth_option_id = $auth_option_id" : ''); $sql_ary[] = "UPDATE " . $table . "
SET auth_setting = $setting
WHERE $id_field = $ug_id
AND forum_id = $forum
AND auth_option_id = $auth_option_id";
} }
} else if (!isset($cur_auth[$forum][$auth_option_id]))
else
{ {
$sql_ary[] = "INSERT INTO $table ($id_field, forum_id, auth_option_id, auth_setting) VALUES ($ug_id, $forum, $auth_option_id, $setting)"; $sql_ary[] = "INSERT INTO $table ($id_field, forum_id, auth_option_id, auth_setting)
VALUES ($ug_id, $forum, $auth_option_id, $setting)";
} }
} }
} }
unset($forum_id); }
unset($user_auth); unset($cur_auth);
foreach ($sql_ary as $sql) foreach ($sql_ary as $sql)
{
if ($sql != '')
{ {
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$db->sql_freeresult($result);
}
} }
unset($sql_ary); unset($sql_ary);