diff options
| author | Nathan <exreaction@phpbb.com> | 2012-07-03 23:25:51 -0500 |
|---|---|---|
| committer | Nathan <exreaction@phpbb.com> | 2012-07-10 12:34:37 -0500 |
| commit | 05452b9ec0dab4fecfbca05fd5598af224d784de (patch) | |
| tree | 6d10413c646c6104bff4fa4d3c3b950e31a90061 /phpBB/includes/ucp | |
| parent | d998ad4b15a8fb0204db7f05c7b71e7c2c6b85bf (diff) | |
| download | forums-05452b9ec0dab4fecfbca05fd5598af224d784de.tar forums-05452b9ec0dab4fecfbca05fd5598af224d784de.tar.gz forums-05452b9ec0dab4fecfbca05fd5598af224d784de.tar.bz2 forums-05452b9ec0dab4fecfbca05fd5598af224d784de.tar.xz forums-05452b9ec0dab4fecfbca05fd5598af224d784de.zip | |
[ticket/8323] Do not allow sending of Private Messages to users who do not have permission to read private messages
PHPBB3-8323
Diffstat (limited to 'phpBB/includes/ucp')
| -rw-r--r-- | phpBB/includes/ucp/ucp_pm_compose.php | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index 1b474457b3..c6a44f6196 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -1245,6 +1245,26 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove $error[] = $user->lang['PM_USERS_REMOVED_NO_PM']; } } + + // Check if users have permission to read PMs + // Only check if not a moderator or admin, since they are allowed to override this user setting + if (true)//!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) + { + $can_read = $auth->acl_get_list(false, 'u_readpm'); + $can_read = (empty($can_read) || !isset($can_read[0]['u_readpm'])) ? array() : $can_read[0]['u_readpm']; + + $cannot_read_list = array_diff(array_keys($address_list['u']), $can_read); + + if (!empty($cannot_read_list)) + { + foreach ($cannot_read_list as $cannot_read) + { + unset($address_list['u'][$cannot_read]); + } + + $error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION']; + } + } } } |