diff options
| author | Jakub Senko <jakubsenko@gmail.com> | 2016-05-29 12:42:57 +0200 |
|---|---|---|
| committer | Jakub Senko <jakubsenko@gmail.com> | 2016-09-01 08:48:37 +0200 |
| commit | 4b6c2c8cde0b87d32f8df8af87239580ddc340c4 (patch) | |
| tree | 22b13f4776b5111624efedcc73d1b3dc0877117a /phpBB/includes | |
| parent | dff950162cd4d79d5e199e833e46a98d381397dc (diff) | |
| download | forums-4b6c2c8cde0b87d32f8df8af87239580ddc340c4.tar forums-4b6c2c8cde0b87d32f8df8af87239580ddc340c4.tar.gz forums-4b6c2c8cde0b87d32f8df8af87239580ddc340c4.tar.bz2 forums-4b6c2c8cde0b87d32f8df8af87239580ddc340c4.tar.xz forums-4b6c2c8cde0b87d32f8df8af87239580ddc340c4.zip | |
[ticket/10961] Send HTTP 403 when applicable
PHPBB3-10961
Diffstat (limited to 'phpBB/includes')
| -rw-r--r-- | phpBB/includes/acp/acp_groups.php | 3 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_inactive.php | 1 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_main.php | 5 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_permissions.php | 5 | ||||
| -rw-r--r-- | phpBB/includes/acp/acp_users.php | 1 | ||||
| -rw-r--r-- | phpBB/includes/functions.php | 4 | ||||
| -rw-r--r-- | phpBB/includes/functions_privmsgs.php | 2 | ||||
| -rw-r--r-- | phpBB/includes/mcp/mcp_logs.php | 2 | ||||
| -rw-r--r-- | phpBB/includes/mcp/mcp_queue.php | 3 | ||||
| -rw-r--r-- | phpBB/includes/mcp/mcp_reports.php | 2 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_activate.php | 1 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_groups.php | 1 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_pm.php | 1 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_pm_compose.php | 7 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_pm_viewmessage.php | 1 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_profile.php | 2 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_remind.php | 1 |
17 files changed, 42 insertions, 0 deletions
diff --git a/phpBB/includes/acp/acp_groups.php b/phpBB/includes/acp/acp_groups.php index 6bd3e71c2e..305296d013 100644 --- a/phpBB/includes/acp/acp_groups.php +++ b/phpBB/includes/acp/acp_groups.php @@ -223,6 +223,7 @@ class acp_groups } else if ($action === 'delete' && $group_row['group_type'] == GROUP_SPECIAL) { + send_status_line(403, 'Forbidden'); trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING); } @@ -235,6 +236,7 @@ class acp_groups case 'delete': if (!$auth->acl_get('a_groupdel')) { + send_status_line(403, 'Forbidden'); trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING); } @@ -313,6 +315,7 @@ class acp_groups if ($action == 'add' && !$auth->acl_get('a_groupadd')) { + send_status_line(403, 'Forbidden'); trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING); } diff --git a/phpBB/includes/acp/acp_inactive.php b/phpBB/includes/acp/acp_inactive.php index 7ec43f45cc..ec256e93ef 100644 --- a/phpBB/includes/acp/acp_inactive.php +++ b/phpBB/includes/acp/acp_inactive.php @@ -164,6 +164,7 @@ class acp_inactive { if (!$auth->acl_get('a_userdel')) { + send_status_line(403, 'Forbidden'); trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING); } diff --git a/phpBB/includes/acp/acp_main.php b/phpBB/includes/acp/acp_main.php index f44bbbc88d..8697504c77 100644 --- a/phpBB/includes/acp/acp_main.php +++ b/phpBB/includes/acp/acp_main.php @@ -118,6 +118,7 @@ class acp_main case 'online': if (!$auth->acl_get('a_board')) { + send_status_line(403, 'Forbidden'); trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING); } @@ -134,6 +135,7 @@ class acp_main case 'stats': if (!$auth->acl_get('a_board')) { + send_status_line(403, 'Forbidden'); trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING); } @@ -189,6 +191,7 @@ class acp_main case 'user': if (!$auth->acl_get('a_board')) { + send_status_line(403, 'Forbidden'); trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING); } @@ -256,6 +259,7 @@ class acp_main case 'date': if (!$auth->acl_get('a_board')) { + send_status_line(403, 'Forbidden'); trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING); } @@ -372,6 +376,7 @@ class acp_main case 'purge_sessions': if ((int) $user->data['user_type'] !== USER_FOUNDER) { + send_status_line(403, 'Forbidden'); trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING); } diff --git a/phpBB/includes/acp/acp_permissions.php b/phpBB/includes/acp/acp_permissions.php index fdac7c4d00..df3e238bcc 100644 --- a/phpBB/includes/acp/acp_permissions.php +++ b/phpBB/includes/acp/acp_permissions.php @@ -315,6 +315,7 @@ class acp_permissions case 'apply_permissions': if (!isset($_POST['setting'])) { + send_status_line(403, 'Forbidden'); trigger_error($user->lang['NO_AUTH_SETTING_FOUND'] . adm_back_link($this->u_action), E_USER_WARNING); } if (!check_form_key($form_name)) @@ -328,6 +329,7 @@ class acp_permissions case 'apply_all_permissions': if (!isset($_POST['setting'])) { + send_status_line(403, 'Forbidden'); trigger_error($user->lang['NO_AUTH_SETTING_FOUND'] . adm_back_link($this->u_action), E_USER_WARNING); } if (!check_form_key($form_name)) @@ -687,6 +689,7 @@ class acp_permissions // Check the permission setting again if (!$auth->acl_get('a_' . str_replace('_', '', $permission_type) . 'auth') || !$auth->acl_get('a_auth' . $ug_type . 's')) { + send_status_line(403, 'Forbidden'); trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING); } @@ -772,6 +775,7 @@ class acp_permissions // Check the permission setting again if (!$auth->acl_get('a_' . str_replace('_', '', $permission_type) . 'auth') || !$auth->acl_get('a_auth' . $ug_type . 's')) { + send_status_line(403, 'Forbidden'); trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING); } @@ -884,6 +888,7 @@ class acp_permissions // Check the permission setting again if (!$auth->acl_get('a_' . str_replace('_', '', $permission_type) . 'auth') || !$auth->acl_get('a_auth' . $ug_type . 's')) { + send_status_line(403, 'Forbidden'); trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING); } diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 5091fcae7e..a37396a713 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php @@ -205,6 +205,7 @@ class acp_users { if (!$auth->acl_get('a_userdel')) { + send_status_line(403, 'Forbidden'); trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING); } diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 588a717f0e..465964913c 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -2264,6 +2264,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa { $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ADMIN_AUTH_FAIL'); } + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_ADMIN'); } @@ -2280,6 +2281,7 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa { $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ADMIN_AUTH_FAIL'); } + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_ADMIN'); } @@ -2301,6 +2303,8 @@ function login_box($redirect = '', $l_explain = '', $l_success = '', $admin = fa { // We log the attempt to use a different username... $phpbb_log->add('admin', $user->data['user_id'], $user->ip, 'LOG_ADMIN_AUTH_FAIL'); + + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_ADMIN_USER_DIFFER'); } diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php index d92934e59e..69c3dad9e6 100644 --- a/phpBB/includes/functions_privmsgs.php +++ b/phpBB/includes/functions_privmsgs.php @@ -801,6 +801,7 @@ function move_pm($user_id, $message_limit, $move_msg_ids, $dest_folder, $cur_fol if (!$row) { + send_status_line(403, 'Forbidden'); trigger_error('NOT_AUTHORISED'); } @@ -965,6 +966,7 @@ function handle_mark_actions($user_id, $mark_action) if (!$auth->acl_get('u_pm_delete')) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_DELETE_MESSAGE'); } diff --git a/phpBB/includes/mcp/mcp_logs.php b/phpBB/includes/mcp/mcp_logs.php index fca0412321..c34c915a40 100644 --- a/phpBB/includes/mcp/mcp_logs.php +++ b/phpBB/includes/mcp/mcp_logs.php @@ -83,6 +83,7 @@ class mcp_logs if (!in_array($forum_id, $forum_list)) { + send_status_line(403, 'Forbidden'); trigger_error('NOT_AUTHORISED'); } @@ -101,6 +102,7 @@ class mcp_logs if (!in_array($forum_id, $forum_list)) { + send_status_line(403, 'Forbidden'); trigger_error('NOT_AUTHORISED'); } diff --git a/phpBB/includes/mcp/mcp_queue.php b/phpBB/includes/mcp/mcp_queue.php index 1ccced7a2f..9060cc1098 100644 --- a/phpBB/includes/mcp/mcp_queue.php +++ b/phpBB/includes/mcp/mcp_queue.php @@ -622,6 +622,7 @@ class mcp_queue if (!phpbb_check_ids($post_id_list, POSTS_TABLE, 'post_id', array('m_approve'))) { + send_status_line(403, 'Forbidden'); trigger_error('NOT_AUTHORISED'); } @@ -877,6 +878,7 @@ class mcp_queue if (!phpbb_check_ids($topic_id_list, TOPICS_TABLE, 'topic_id', array('m_approve'))) { + send_status_line(403, 'Forbidden'); trigger_error('NOT_AUTHORISED'); } @@ -1074,6 +1076,7 @@ class mcp_queue if (!phpbb_check_ids($post_id_list, POSTS_TABLE, 'post_id', array('m_approve'))) { + send_status_line(403, 'Forbidden'); trigger_error('NOT_AUTHORISED'); } diff --git a/phpBB/includes/mcp/mcp_reports.php b/phpBB/includes/mcp/mcp_reports.php index 3809ea2616..1462acf110 100644 --- a/phpBB/includes/mcp/mcp_reports.php +++ b/phpBB/includes/mcp/mcp_reports.php @@ -542,6 +542,7 @@ function close_report($report_id_list, $mode, $action, $pm = false) { if (!$auth->acl_getf_global('m_report')) { + send_status_line(403, 'Forbidden'); trigger_error('NOT_AUTHORISED'); } } @@ -549,6 +550,7 @@ function close_report($report_id_list, $mode, $action, $pm = false) { if (!phpbb_check_ids($post_id_list, POSTS_TABLE, 'post_id', array('m_report'))) { + send_status_line(403, 'Forbidden'); trigger_error('NOT_AUTHORISED'); } } diff --git a/phpBB/includes/ucp/ucp_activate.php b/phpBB/includes/ucp/ucp_activate.php index 00044340df..1e54c18dc1 100644 --- a/phpBB/includes/ucp/ucp_activate.php +++ b/phpBB/includes/ucp/ucp_activate.php @@ -67,6 +67,7 @@ class ucp_activate { login_box('', $user->lang['NO_AUTH_OPERATION']); } + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_OPERATION'); } diff --git a/phpBB/includes/ucp/ucp_groups.php b/phpBB/includes/ucp/ucp_groups.php index faffbe5bdc..352b7d1ec3 100644 --- a/phpBB/includes/ucp/ucp_groups.php +++ b/phpBB/includes/ucp/ucp_groups.php @@ -87,6 +87,7 @@ class ucp_groups if (!$auth->acl_get('u_chggrp')) { + send_status_line(403, 'Forbidden'); trigger_error($user->lang['NOT_AUTHORISED'] . $return_page); } diff --git a/phpBB/includes/ucp/ucp_pm.php b/phpBB/includes/ucp/ucp_pm.php index 33dff97fe6..d145d66f59 100644 --- a/phpBB/includes/ucp/ucp_pm.php +++ b/phpBB/includes/ucp/ucp_pm.php @@ -166,6 +166,7 @@ class ucp_pm if (!$auth->acl_get('u_readpm')) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_READ_MESSAGE'); } diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index ad9a99204f..b61a9fab9f 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -171,6 +171,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) case 'post': if (!$auth->acl_get('u_sendpm')) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_SEND_MESSAGE'); } break; @@ -186,6 +187,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) if (!$auth->acl_get('u_sendpm')) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_SEND_MESSAGE'); } @@ -226,6 +228,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) case 'delete': if (!$auth->acl_get('u_pm_delete')) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_DELETE_MESSAGE'); } @@ -251,11 +254,13 @@ function compose_pm($id, $mode, $action, $user_folders = array()) if ($action == 'forward' && (!$config['forward_pm'] || !$auth->acl_get('u_pm_forward'))) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_FORWARD_MESSAGE'); } if ($action == 'edit' && !$auth->acl_get('u_pm_edit')) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_EDIT_MESSAGE'); } @@ -321,6 +326,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) { if (($post['forum_id'] && !$auth->acl_get('f_read', $post['forum_id'])) || (!$post['forum_id'] && !$auth->acl_getf_global('f_read'))) { + send_status_line(403, 'Forbidden'); trigger_error('NOT_AUTHORISED'); } @@ -456,6 +462,7 @@ function compose_pm($id, $mode, $action, $user_folders = array()) if (($to_group_id || isset($address_list['g'])) && (!$config['allow_mass_pm'] || !$auth->acl_get('u_masspm_group'))) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_GROUP_MESSAGE'); } diff --git a/phpBB/includes/ucp/ucp_pm_viewmessage.php b/phpBB/includes/ucp/ucp_pm_viewmessage.php index 2457ea9a2e..48d14a133c 100644 --- a/phpBB/includes/ucp/ucp_pm_viewmessage.php +++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php @@ -41,6 +41,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row) $message = $user->lang['NO_AUTH_READ_REMOVED_MESSAGE']; $message .= '<br /><br />' . sprintf($user->lang['RETURN_FOLDER'], '<a href="' . $meta_info . '">', '</a>'); + send_status_line(403, 'Forbidden'); trigger_error($message); } diff --git a/phpBB/includes/ucp/ucp_profile.php b/phpBB/includes/ucp/ucp_profile.php index a9f8e10eef..a86c4f2672 100644 --- a/phpBB/includes/ucp/ucp_profile.php +++ b/phpBB/includes/ucp/ucp_profile.php @@ -279,6 +279,7 @@ class ucp_profile // Do not display profile information panel if not authed to do so if (!$auth->acl_get('u_chgprofileinfo')) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_PROFILEINFO'); } @@ -464,6 +465,7 @@ class ucp_profile if (!$auth->acl_get('u_sig')) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_SIGNATURE'); } diff --git a/phpBB/includes/ucp/ucp_remind.php b/phpBB/includes/ucp/ucp_remind.php index 0a46674fb1..a44f077693 100644 --- a/phpBB/includes/ucp/ucp_remind.php +++ b/phpBB/includes/ucp/ucp_remind.php @@ -79,6 +79,7 @@ class ucp_remind if (!$auth2->acl_get('u_chgpasswd')) { + send_status_line(403, 'Forbidden'); trigger_error('NO_AUTH_PASSWORD_REMINDER'); } |