makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-25 11:28:55 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix ACL_UNSET problem ... was causing users to be granted permission even when denied

Browse source 
git-svn-id: file:///svn/phpbb/trunk@3877 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2003-04-17 21:43:39 +00:00
parent e28707b3c2
commit e93d9d23f2
1 changed files with 21 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
phpBB/includes/functions_admin.php
View file

@ -1653,42 +1653,44 @@ if (class_exists(auth))
$table = ($ug_type == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE; $table = ($ug_type == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE;
$id_field = $ug_type . '_id'; $id_field = $ug_type . '_id';
$sql_ary = array();
foreach ($forum_id as $forum) foreach ($forum_id as $forum)
{ {
foreach ($auth as $auth_option => $setting) foreach ($auth as $auth_option => $setting)
{ {
$auth_option_id = $option_ids[$auth_option]; $auth_option_id = $option_ids[$auth_option];
if (!empty($cur_auth[$forum])) switch ($setting)
{ {
if ($setting == ACL_UNSET && isset($cur_auth[$forum][$auth_option_id])) case ACL_UNSET:
{
$sql_ary[] = "DELETE FROM $table $sql_ary[] = "DELETE FROM $table
WHERE forum_id = $forum WHERE forum_id = $forum
AND auth_option_id = $auth_option_id AND auth_option_id = $auth_option_id
AND $id_field = $ug_id"; AND $id_field = $ug_id";
} break;
else
{ default:
$sql_ary[] = (!isset($cur_auth[$forum][$auth_option_id])) ? "INSERT INTO $table ($id_field, forum_id, auth_option_id, auth_setting) VALUES ($ug_id, $forum, $auth_option_id, $setting)" : (($cur_auth[$forum][$auth_option_id] != $setting) ? "UPDATE " . $table . " SET auth_setting = $setting WHERE $id_field = $ug_id AND forum_id = $forum AND auth_option_id = $auth_option_id" : ''); if (isset($cur_auth[$forum][$auth_option_id]) && $cur_auth[$forum][$auth_option_id] != $setting)
} {
} $sql_ary[] = "UPDATE " . $table . "
else SET auth_setting = $setting
{ WHERE $id_field = $ug_id
$sql_ary[] = "INSERT INTO $table ($id_field, forum_id, auth_option_id, auth_setting) VALUES ($ug_id, $forum, $auth_option_id, $setting)"; AND forum_id = $forum
AND auth_option_id = $auth_option_id";
}
else if (!isset($cur_auth[$forum][$auth_option_id]))
{
$sql_ary[] = "INSERT INTO $table ($id_field, forum_id, auth_option_id, auth_setting)
VALUES ($ug_id, $forum, $auth_option_id, $setting)";
}
} }
} }
} }
unset($forum_id); unset($cur_auth);
unset($user_auth);
foreach ($sql_ary as $sql) foreach ($sql_ary as $sql)
{ {
if ($sql != '') $result = $db->sql_query($sql);
{
$result = $db->sql_query($sql);
$db->sql_freeresult($result);
}
} }
unset($sql_ary); unset($sql_ary);