| author | Meik Sievertsen <acydburn@phpbb.com> | 2008-10-02 12:05:13 +0000 |
|---|---|---|
| committer | Meik Sievertsen <acydburn@phpbb.com> | 2008-10-02 12:05:13 +0000 |
| commit | 9a7804cb717850afe209c347b05b957b72d866fb (patch) | |
| tree | cffd399498537ed93d8efe6b2100b8bcfdbefc42 /phpBB/includes/functions_privmsgs.php | |
| parent | 8f2b4562b1523c028781286a63947bfd44f79c7c (diff) | |
[Change] Remove NUL-Bytes directly in request_var() for strings and within the custom DBAL sql_escape() functions (MSSQL, Firebird, Oracle) (reported by AdhostMikeSw)
git-svn-id: file:///svn/phpbb/trunk@8968 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/functions_privmsgs.php')
| -rw-r--r-- | phpBB/includes/functions_privmsgs.php | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php
index f0c0a566de..577e9954aa 100644
--- a/phpBB/includes/functions_privmsgs.php
+++ b/phpBB/includes/functions_privmsgs.php
@@ -1339,12 +1339,17 @@ function submit_pm($mode, $subject, &$data, $put_in_outbox = true)
 if (isset($data['address_list']['g']) && sizeof($data['address_list']['g']))
 {
+ // We need to check the PM status of group members (do they want to receive PM's?)
+ // Only check if not a moderator or admin, since they are allowed to override this user setting
+ $sql_allow_pm = (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) ? ' AND u.user_allow_pm = 1' : '';
+
 $sql = 'SELECT u.user_type, ug.group_id, ug.user_id
 FROM ' . USERS_TABLE . ' u, ' . USER_GROUP_TABLE . ' ug
 WHERE ' . $db->sql_in_set('ug.group_id', array_keys($data['address_list']['g'])) . '
 AND ug.user_pending = 0
 AND u.user_id = ug.user_id
- AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')';
+ AND u.user_type IN (' . USER_NORMAL . ', ' . USER_FOUNDER . ')' .
+ $sql_allow_pm;
 $result = $db->sql_query($sql);
 while ($row = $db->sql_fetchrow($result)) |
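Review bot: The new `$sql_allow_pm` filter removes group members who disabled PMs from the recipient query without any signal to the sender, and nothing in the hunk handles the case where it leaves the result set empty. The `while` loop that consumes the rows continues outside the hunk, so it is worth confirming that an empty recipient list is rejected rather than stored as a message with no recipients. The bypass is granted for any `a_` or `m_` permission, and as I read `acl_getf_global('m_')` that includes a moderator right held in a single forum, which is broader than the comment's "moderator or admin" suggests. I would say so in the comment, e.g. `// Any a_/m_ permission (global, or m_ in at least one forum) bypasses user_allow_pm`. The commit title mentions only NUL-byte stripping, so this access-control change in submit_pm() should get its own line in the message.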
