diff options
| author | Henry Sudhof <kellanved@phpbb.com> | 2007-10-03 15:05:54 +0000 |
|---|---|---|
| committer | Henry Sudhof <kellanved@phpbb.com> | 2007-10-03 15:05:54 +0000 |
| commit | 4defd8a8306fa8daa25427a37fb6db00bff390c7 (patch) | |
| tree | 7914a43cdc9b2d2107e7baeb7061990664bdd841 /phpBB/includes/acp/acp_permissions.php | |
| parent | 87e2e62c34da983258944db361d9a9b9785737e6 (diff) | |
| download | forums-4defd8a8306fa8daa25427a37fb6db00bff390c7.tar forums-4defd8a8306fa8daa25427a37fb6db00bff390c7.tar.gz forums-4defd8a8306fa8daa25427a37fb6db00bff390c7.tar.bz2 forums-4defd8a8306fa8daa25427a37fb6db00bff390c7.tar.xz forums-4defd8a8306fa8daa25427a37fb6db00bff390c7.zip | |
Ok, here comes a big one. Poor updater. Also requires testing.
#i91
#i92
#i93
#i94
#i95
#i96
git-svn-id: file:///svn/phpbb/trunk@8120 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/acp/acp_permissions.php')
| -rw-r--r-- | phpBB/includes/acp/acp_permissions.php | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/phpBB/includes/acp/acp_permissions.php b/phpBB/includes/acp/acp_permissions.php index 4b06d2edad..f171d43c39 100644 --- a/phpBB/includes/acp/acp_permissions.php +++ b/phpBB/includes/acp/acp_permissions.php @@ -46,7 +46,6 @@ class acp_permissions $this->permission_trace($user_id, $forum_id, $permission); return; } - trigger_error('NO_MODE', E_USER_ERROR); } @@ -66,6 +65,9 @@ class acp_permissions $group_id = request_var('group_id', array(0)); $select_all_groups = request_var('select_all_groups', 0); + $form_name = 'acp_permissions'; + add_form_key($form_name); + // If select all groups is set, we pre-build the group id array (this option is used for other screens to link to the permission settings screen) if ($select_all_groups) { @@ -214,6 +216,11 @@ class acp_permissions switch ($action) { case 'delete': + + if(!check_form_key($form_name)) + { + trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING); + } // All users/groups selected? $all_users = (isset($_POST['all_users'])) ? true : false; $all_groups = (isset($_POST['all_groups'])) ? true : false; @@ -247,6 +254,10 @@ class acp_permissions { trigger_error($user->lang['NO_AUTH_SETTING_FOUND'] . adm_back_link($this->u_action), E_USER_WARNING); } + if(!check_form_key($form_name)) + { + trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING); + } $this->set_permissions($mode, $permission_type, $auth_admin, $user_id, $group_id); break; @@ -256,6 +267,10 @@ class acp_permissions { trigger_error($user->lang['NO_AUTH_SETTING_FOUND'] . adm_back_link($this->u_action), E_USER_WARNING); } + if(!check_form_key($form_name)) + { + trigger_error($user->lang['FORM_INVALID']. adm_back_link($this->u_action), E_USER_WARNING); + } $this->set_all_permissions($mode, $permission_type, $auth_admin, $user_id, $group_id); break; |