diff options
| author | Meik Sievertsen <acydburn@phpbb.com> | 2008-10-09 14:17:02 +0000 |
|---|---|---|
| committer | Meik Sievertsen <acydburn@phpbb.com> | 2008-10-09 14:17:02 +0000 |
| commit | 253f18632242a113c97a3e5d70ee6f65c3f9ce84 (patch) | |
| tree | 5d27d1f5728360927655a27daf6fde055ccdea99 | |
| parent | ab5146a72ab8e348b9527c0df3dc5ad8f0d759f3 (diff) | |
| download | forums-253f18632242a113c97a3e5d70ee6f65c3f9ce84.tar forums-253f18632242a113c97a3e5d70ee6f65c3f9ce84.tar.gz forums-253f18632242a113c97a3e5d70ee6f65c3f9ce84.tar.bz2 forums-253f18632242a113c97a3e5d70ee6f65c3f9ce84.tar.xz forums-253f18632242a113c97a3e5d70ee6f65c3f9ce84.zip | |
- Do not show link to user/group profiles if user has no permission to view the linked page and gets a denied message anyway. (Bug #15088)
- Do not display last post link and sort display options for search engines. (Bug #15088)
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8987 89ea8834-ac86-4346-8a33-228a782c2dd0
| -rw-r--r-- | phpBB/docs/CHANGELOG.html | 3 | ||||
| -rw-r--r-- | phpBB/includes/functions.php | 2 | ||||
| -rw-r--r-- | phpBB/includes/functions_display.php | 19 | ||||
| -rw-r--r-- | phpBB/index.php | 11 | ||||
| -rw-r--r-- | phpBB/styles/prosilver/template/forumlist_body.html | 2 | ||||
| -rw-r--r-- | phpBB/styles/prosilver/template/overall_footer.html | 2 | ||||
| -rw-r--r-- | phpBB/styles/prosilver/template/search_results.html | 2 | ||||
| -rw-r--r-- | phpBB/styles/prosilver/template/viewforum_body.html | 6 | ||||
| -rw-r--r-- | phpBB/styles/prosilver/template/viewtopic_body.html | 4 | ||||
| -rw-r--r-- | phpBB/styles/subsilver2/template/forumlist_body.html | 2 | ||||
| -rw-r--r-- | phpBB/styles/subsilver2/template/index_body.html | 4 | ||||
| -rw-r--r-- | phpBB/styles/subsilver2/template/viewforum_body.html | 6 | ||||
| -rw-r--r-- | phpBB/styles/subsilver2/template/viewtopic_body.html | 2 |
13 files changed, 45 insertions, 20 deletions
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index 67d353de98..55fdac3d17 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -130,6 +130,9 @@ <li>[Fix] Use phpBB 3.1.x method for storing cached data to prevent PHP bug with our usage of var_export(). (Thanks to Techie Micheal and HoL for pointing out possible problems)</li> <li>[Fix] Check users pm preferences for pm's sent to groups. (Bug #33245)</li> <li>[Fix] Do not allow password reminders if u_passchg permission is not given. (Bug #14806)</li> + <li>[Fix] Implemented strict check for cached user permissions and existing ACL options. This fix makes sure cached permissions are valid, even if they got already cached.</li> + <li>[Fix] Do not show link to user/group profiles if user has no permission to view the linked page and gets a denied message anyway. (Bug #15088)</li> + <li>[Fix] Do not display last post link and sort display options for search engines. (Bug #15088)</li> <li>[Change] No longer allow the direct use of MULTI_INSERT in sql_build_array. sql_multi_insert() must be used.</li> <li>[Change] Display warning in ACP if config.php file is left writable.</li> diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 862314aba9..fabb1e1aa3 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -3681,7 +3681,7 @@ function page_header($page_title = '', $display_online_list = true) 'U_SEARCH_UNANSWERED' => append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=unanswered'), 'U_SEARCH_ACTIVE_TOPICS'=> append_sid("{$phpbb_root_path}search.$phpEx", 'search_id=active_topics'), 'U_DELETE_COOKIES' => append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=delete_cookies'), - 'U_TEAM' => append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=leaders'), + 'U_TEAM' => ($user->data['user_id'] != ANONYMOUS && !$auth->acl_get('u_viewprofile')) ? '' : append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=leaders'), 'U_RESTORE_PERMISSIONS' => ($user->data['user_perm_from'] && $auth->acl_get('a_switchperm')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=restore_perm') : '', 'S_USER_LOGGED_IN' => ($user->data['user_id'] != ANONYMOUS) ? true : false, diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index 5b0dd8258d..44bd0214fa 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php @@ -260,7 +260,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod meta_refresh(3, $redirect); trigger_error($message); } - + } // Grab moderators ... if necessary @@ -656,7 +656,7 @@ function topic_generate_pagination($replies, $url) */ function get_moderators(&$forum_moderators, $forum_id = false) { - global $config, $template, $db, $phpbb_root_path, $phpEx; + global $config, $template, $db, $phpbb_root_path, $phpEx, $user, $auth; // Have we disabled the display of moderators? If so, then return // from whence we came ... @@ -715,7 +715,16 @@ function get_moderators(&$forum_moderators, $forum_id = false) } else { - $forum_moderators[$row['forum_id']][] = '<a' . (($row['group_colour']) ? ' style="color:#' . $row['group_colour'] . ';"' : '') . ' href="' . append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&g=' . $row['group_id']) . '">' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</a>'; + $group_name = (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']); + + if ($user->data['user_id'] != ANONYMOUS && !$auth->acl_get('u_viewprofile')) + { + $forum_moderators[$row['forum_id']][] = '<span' . (($row['group_colour']) ? ' style="color:#' . $row['group_colour'] . ';"' : '') . '>' . $group_name . '</span>'; + } + else + { + $forum_moderators[$row['forum_id']][] = '<a' . (($row['group_colour']) ? ' style="color:#' . $row['group_colour'] . ';"' : '') . ' href="' . append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&g=' . $row['group_id']) . '">' . $group_name . '</a>'; + } } } $db->sql_freeresult($result); @@ -1037,7 +1046,7 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id, if (!is_null($notify_status) && $notify_status !== '') { - + if (isset($_GET['unwatch'])) { $uid = request_var('uid', 0); @@ -1084,7 +1093,7 @@ function watch_topic_forum($mode, &$s_watching, $user_id, $forum_id, $topic_id, { $token = request_var('hash', ''); $redirect_url = append_sid("{$phpbb_root_path}view$mode.$phpEx", "$u_url=$match_id&start=$start"); - + if ($_GET['watch'] == $mode && check_link_hash($token, "{$mode}_$match_id")) { $is_watching = true; diff --git a/phpBB/index.php b/phpBB/index.php index 11568c2db9..2d1329c511 100644 --- a/phpBB/index.php +++ b/phpBB/index.php @@ -60,22 +60,25 @@ else } $result = $db->sql_query($sql); -$legend = ''; +$legend = array(); while ($row = $db->sql_fetchrow($result)) { $colour_text = ($row['group_colour']) ? ' style="color:#' . $row['group_colour'] . '"' : ''; + $group_name = ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']; - if ($row['group_name'] == 'BOTS') + if ($row['group_name'] == 'BOTS' || ($user->data['user_id'] != ANONYMOUS && !$auth->acl_get('u_viewprofile'))) { - $legend .= (($legend != '') ? ', ' : '') . '<span' . $colour_text . '>' . $user->lang['G_BOTS'] . '</span>'; + $legend[] = '<span' . $colour_text . '>' . $group_name . '</span>'; } else { - $legend .= (($legend != '') ? ', ' : '') . '<a' . $colour_text . ' href="' . append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&g=' . $row['group_id']) . '">' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</a>'; + $legend[] = '<a' . $colour_text . ' href="' . append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=group&g=' . $row['group_id']) . '">' . $group_name . '</a>'; } } $db->sql_freeresult($result); +$legend = implode(', ', $legend); + // Generate birthday list if required ... $birthday_list = ''; if ($config['load_birthdays'] && $config['allow_birthdays']) diff --git a/phpBB/styles/prosilver/template/forumlist_body.html b/phpBB/styles/prosilver/template/forumlist_body.html index 29b75240c1..8ed80883e9 100644 --- a/phpBB/styles/prosilver/template/forumlist_body.html +++ b/phpBB/styles/prosilver/template/forumlist_body.html @@ -42,7 +42,7 @@ <dd class="posts">{forumrow.POSTS} <dfn>{L_POSTS}</dfn></dd> <dd class="lastpost"><span> <!-- IF forumrow.LAST_POST_TIME --><dfn>{L_LAST_POST}</dfn> {L_POST_BY_AUTHOR} {forumrow.LAST_POSTER_FULL} - <a href="{forumrow.U_LAST_POST}">{LAST_POST_IMG}</a> <br />{L_POSTED_ON_DATE} {forumrow.LAST_POST_TIME}<!-- ELSE -->{L_NO_POSTS}<!-- ENDIF --></span> + <!-- IF not S_IS_BOT --><a href="{forumrow.U_LAST_POST}">{LAST_POST_IMG}</a> <!-- ENDIF --><br />{L_POSTED_ON_DATE} {forumrow.LAST_POST_TIME}<!-- ELSE -->{L_NO_POSTS}<!-- ENDIF --></span> </dd> <!-- ENDIF --> </dl> diff --git a/phpBB/styles/prosilver/template/overall_footer.html b/phpBB/styles/prosilver/template/overall_footer.html index 4abe2bb2a4..fd8af31db6 100644 --- a/phpBB/styles/prosilver/template/overall_footer.html +++ b/phpBB/styles/prosilver/template/overall_footer.html @@ -13,7 +13,7 @@ <!-- IF U_BOOKMARK_TOPIC --><li class="icon-bookmark"><a href="{U_BOOKMARK_TOPIC}" title="{L_BOOKMARK_TOPIC}">{L_BOOKMARK_TOPIC}</a></li><!-- ENDIF --> <!-- IF U_BUMP_TOPIC --><li class="icon-bump"><a href="{U_BUMP_TOPIC}" title="{L_BUMP_TOPIC}">{L_BUMP_TOPIC}</a></li><!-- ENDIF --> <!-- ENDIF --> - <li class="rightside"><a href="{U_TEAM}">{L_THE_TEAM}</a> • <!-- IF not S_IS_BOT --><a href="{U_DELETE_COOKIES}">{L_DELETE_COOKIES}</a> • <!-- ENDIF -->{S_TIMEZONE}</li> + <li class="rightside"><!-- IF U_TEAM --><a href="{U_TEAM}">{L_THE_TEAM}</a> • <!-- ENDIF --><!-- IF not S_IS_BOT --><a href="{U_DELETE_COOKIES}">{L_DELETE_COOKIES}</a> • <!-- ENDIF -->{S_TIMEZONE}</li> </ul> <span class="corners-bottom"><span></span></span></div> diff --git a/phpBB/styles/prosilver/template/search_results.html b/phpBB/styles/prosilver/template/search_results.html index 3924fa3944..9159b126f1 100644 --- a/phpBB/styles/prosilver/template/search_results.html +++ b/phpBB/styles/prosilver/template/search_results.html @@ -66,7 +66,7 @@ <dd class="views">{searchresults.TOPIC_VIEWS}</dd> <dd class="lastpost"><span> {L_POST_BY_AUTHOR} {searchresults.LAST_POST_AUTHOR_FULL} - <a href="{searchresults.U_LAST_POST}">{LAST_POST_IMG}</a> <br />{L_POSTED_ON_DATE} {searchresults.LAST_POST_TIME}<br /> </span> + <!-- IF not S_IS_BOT --><a href="{searchresults.U_LAST_POST}">{LAST_POST_IMG}</a> <!-- ENDIF --><br />{L_POSTED_ON_DATE} {searchresults.LAST_POST_TIME}<br /> </span> </dd> </dl> </li> diff --git a/phpBB/styles/prosilver/template/viewforum_body.html b/phpBB/styles/prosilver/template/viewforum_body.html index 056afb0548..b3f81df865 100644 --- a/phpBB/styles/prosilver/template/viewforum_body.html +++ b/phpBB/styles/prosilver/template/viewforum_body.html @@ -147,7 +147,7 @@ <dd class="posts">{topicrow.REPLIES} <dfn>{L_REPLIES}</dfn></dd> <dd class="views">{topicrow.VIEWS} <dfn>{L_VIEWS}</dfn></dd> <dd class="lastpost"><span><dfn>{L_LAST_POST} </dfn>{L_POST_BY_AUTHOR} {topicrow.LAST_POST_AUTHOR_FULL} - <a href="{topicrow.U_LAST_POST}">{LAST_POST_IMG}</a> <br />{L_POSTED_ON_DATE} {topicrow.LAST_POST_TIME}</span> + <!-- IF not S_IS_BOT --><a href="{topicrow.U_LAST_POST}">{LAST_POST_IMG}</a> <!-- ENDIF --><br />{L_POSTED_ON_DATE} {topicrow.LAST_POST_TIME}</span> </dd> </dl> </li> @@ -173,9 +173,11 @@ <fieldset class="display-options"> <!-- IF PREVIOUS_PAGE --><a href="{PREVIOUS_PAGE}" class="left-box {S_CONTENT_FLOW_BEGIN}">{L_PREVIOUS}</a><!-- ENDIF --> <!-- IF NEXT_PAGE --><a href="{NEXT_PAGE}" class="right-box {S_CONTENT_FLOW_END}">{L_NEXT}</a><!-- ENDIF --> + <!-- IF not S_IS_BOT --> <label>{L_DISPLAY_TOPICS}: {S_SELECT_SORT_DAYS}</label> <label>{L_SORT_BY} {S_SELECT_SORT_KEY}</label> <label>{S_SELECT_SORT_DIR} <input type="submit" name="sort" value="{L_GO}" class="button2" /></label> + <!-- ENDIF --> </fieldset> </form> <hr /> @@ -204,7 +206,7 @@ <!-- INCLUDE jumpbox.html --> <!-- IF S_DISPLAY_ONLINE_LIST --> - <h3><a href="{U_VIEWONLINE}">{L_WHO_IS_ONLINE}</a></h3> + <h3><!-- IF U_VIEWONLINE --><a href="{U_VIEWONLINE}">{L_WHO_IS_ONLINE}</a><!-- ELSE -->{L_WHO_IS_ONLINE}<!-- ENDIF --></h3> <p>{LOGGED_IN_USER_LIST}</p> <!-- ENDIF --> diff --git a/phpBB/styles/prosilver/template/viewtopic_body.html b/phpBB/styles/prosilver/template/viewtopic_body.html index ee89b3b15f..5231d7934f 100644 --- a/phpBB/styles/prosilver/template/viewtopic_body.html +++ b/phpBB/styles/prosilver/template/viewtopic_body.html @@ -229,8 +229,10 @@ <fieldset class="display-options" style="margin-top: 0; "> <!-- IF PREVIOUS_PAGE --><a href="{PREVIOUS_PAGE}" class="left-box {S_CONTENT_FLOW_BEGIN}">{L_PREVIOUS}</a><!-- ENDIF --> <!-- IF NEXT_PAGE --><a href="{NEXT_PAGE}" class="right-box {S_CONTENT_FLOW_END}">{L_NEXT}</a><!-- ENDIF --> + <!-- IF not S_IS_BOT --> <label>{L_DISPLAY_POSTS}: {S_SELECT_SORT_DAYS}</label> <label>{L_SORT_BY} {S_SELECT_SORT_KEY}</label> <label>{S_SELECT_SORT_DIR} <input type="submit" name="sort" value="{L_GO}" class="button2" /></label> + <!-- ENDIF --> </fieldset> </form> @@ -264,7 +266,7 @@ <!-- ENDIF --> <!-- IF S_DISPLAY_ONLINE_LIST --> - <h3><a href="{U_VIEWONLINE}">{L_WHO_IS_ONLINE}</a></h3> + <h3><!-- IF U_VIEWONLINE --><a href="{U_VIEWONLINE}">{L_WHO_IS_ONLINE}</a><!-- ELSE -->{L_WHO_IS_ONLINE}<!-- ENDIF --></h3> <p>{LOGGED_IN_USER_LIST}</p> <!-- ENDIF --> diff --git a/phpBB/styles/subsilver2/template/forumlist_body.html b/phpBB/styles/subsilver2/template/forumlist_body.html index 70e4ca813f..368610ebe1 100644 --- a/phpBB/styles/subsilver2/template/forumlist_body.html +++ b/phpBB/styles/subsilver2/template/forumlist_body.html @@ -60,7 +60,7 @@ <!-- IF forumrow.LAST_POST_TIME --> <p class="topicdetails">{forumrow.LAST_POST_TIME}</p> <p class="topicdetails">{forumrow.LAST_POSTER_FULL} - <a href="{forumrow.U_LAST_POST}">{LAST_POST_IMG}</a> + <!-- IF not S_IS_BOT --><a href="{forumrow.U_LAST_POST}">{LAST_POST_IMG}</a><!-- ENDIF --> </p> <!-- ELSE --> <p class="topicdetails">{L_NO_POSTS}</p> diff --git a/phpBB/styles/subsilver2/template/index_body.html b/phpBB/styles/subsilver2/template/index_body.html index 3958743229..bf523dc3f2 100644 --- a/phpBB/styles/subsilver2/template/index_body.html +++ b/phpBB/styles/subsilver2/template/index_body.html @@ -10,7 +10,9 @@ <!-- INCLUDE forumlist_body.html --> -<span class="gensmall"><!-- IF not S_IS_BOT --><a href="{U_DELETE_COOKIES}">{L_DELETE_COOKIES}</a><!-- ENDIF --> | <a href="{U_TEAM}">{L_THE_TEAM}</a></span><br /> +<!-- IF not S_IS_BOT or U_TEAM --> +<span class="gensmall"><!-- IF not S_IS_BOT --><a href="{U_DELETE_COOKIES}">{L_DELETE_COOKIES}</a><!-- ENDIF --><!-- IF not S_IS_BOT and U_TEAM --> | <!-- ENDIF --><!-- IF U_TEAM --><a href="{U_TEAM}">{L_THE_TEAM}</a><!-- ENDIF --></span><br /> +<!-- ENDIF --> <br clear="all" /> diff --git a/phpBB/styles/subsilver2/template/viewforum_body.html b/phpBB/styles/subsilver2/template/viewforum_body.html index c196bc60a0..c4375b6415 100644 --- a/phpBB/styles/subsilver2/template/viewforum_body.html +++ b/phpBB/styles/subsilver2/template/viewforum_body.html @@ -58,7 +58,7 @@ <td class="row1" width="140" align="center"> <p class="topicdetails" style="white-space: nowrap;">{topicrow.LAST_POST_TIME}</p> <p class="topicdetails">{topicrow.LAST_POST_AUTHOR_FULL} - <a href="{topicrow.U_LAST_POST}">{LAST_POST_IMG}</a> + <!-- IF not S_IS_BOT --><a href="{topicrow.U_LAST_POST}">{LAST_POST_IMG}</a><!-- ENDIF --> </p> </td> </tr> @@ -209,7 +209,7 @@ <td class="row1" width="140" align="center"> <p class="topicdetails" style="white-space: nowrap;">{topicrow.LAST_POST_TIME}</p> <p class="topicdetails">{topicrow.LAST_POST_AUTHOR_FULL} - <a href="{topicrow.U_LAST_POST}">{LAST_POST_IMG}</a> + <!-- IF not S_IS_BOT --><a href="{topicrow.U_LAST_POST}">{LAST_POST_IMG}</a><!-- ENDIF --> </p> </td> </tr> @@ -226,6 +226,7 @@ <!-- ENDIF --> <!-- END topicrow --> + <!-- IF not S_IS_BOT --> <tr align="center"> <!-- IF S_TOPIC_ICONS --> <td class="cat" colspan="7"> @@ -235,6 +236,7 @@ <form method="post" action="{S_FORUM_ACTION}"><span class="gensmall">{L_DISPLAY_TOPICS}:</span> {S_SELECT_SORT_DAYS} <span class="gensmall">{L_SORT_BY}</span> {S_SELECT_SORT_KEY} {S_SELECT_SORT_DIR} <input class="btnlite" type="submit" name="sort" value="{L_GO}" /></form> </td> </tr> + <!-- ENDIF --> </table> <!-- ENDIF --> diff --git a/phpBB/styles/subsilver2/template/viewtopic_body.html b/phpBB/styles/subsilver2/template/viewtopic_body.html index cf264ca4f8..b177a15250 100644 --- a/phpBB/styles/subsilver2/template/viewtopic_body.html +++ b/phpBB/styles/subsilver2/template/viewtopic_body.html @@ -290,11 +290,13 @@ </table> <!-- END postrow --> + <!-- IF not S_IS_BOT --> <table width="100%" cellspacing="1" class="tablebg"> <tr align="center"> <td class="cat"><form name="viewtopic" method="post" action="{S_TOPIC_ACTION}"><span class="gensmall">{L_DISPLAY_POSTS}:</span> {S_SELECT_SORT_DAYS} <span class="gensmall">{L_SORT_BY}</span> {S_SELECT_SORT_KEY} {S_SELECT_SORT_DIR} <input class="btnlite" type="submit" value="{L_GO}" name="sort" /></form></td> </tr> </table> + <!-- ENDIF --> <table width="100%" cellspacing="1"> <tr> |