From 27279afa1ed75457e6e0d32c982bf9458f048f30 Mon Sep 17 00:00:00 2001 From: Igor Wiedler Date: Fri, 14 Oct 2011 17:30:54 +0200 Subject: [ticket/10377] Do not allow all moderators to sticky posts In the mcp the change_topic_type does not properly check permissions, allowing moderators to make any post sticky or announced by visiting the correct URL. PHPBB3-10377 --- phpBB/includes/mcp/mcp_main.php | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) (limited to 'phpBB/includes/mcp/mcp_main.php') diff --git a/phpBB/includes/mcp/mcp_main.php b/phpBB/includes/mcp/mcp_main.php index ad10a52705..ffede11d37 100644 --- a/phpBB/includes/mcp/mcp_main.php +++ b/phpBB/includes/mcp/mcp_main.php @@ -286,14 +286,6 @@ function change_topic_type($action, $topic_ids) { global $auth, $user, $db, $phpEx, $phpbb_root_path; - // For changing topic types, we only allow operations in one forum. - $forum_id = check_ids($topic_ids, TOPICS_TABLE, 'topic_id', array('f_announce', 'f_sticky', 'm_'), true); - - if ($forum_id === false) - { - return; - } - switch ($action) { case 'make_announce': @@ -316,11 +308,18 @@ function change_topic_type($action, $topic_ids) default: $new_topic_type = POST_NORMAL; - $check_acl = ''; + $check_acl = false; $l_new_type = (sizeof($topic_ids) == 1) ? 'MCP_MAKE_NORMAL' : 'MCP_MAKE_NORMALS'; break; } + $forum_id = check_ids($topic_ids, TOPICS_TABLE, 'topic_id', $check_acl, true); + + if ($forum_id === false) + { + return; + } + $redirect = request_var('redirect', build_url(array('action', 'quickmod'))); $s_hidden_fields = array( -- cgit v1.2.1 From 7a04c9048c110f0bd21ea3e9e869e17b408d640e Mon Sep 17 00:00:00 2001 From: Unknown Date: Sat, 31 Dec 2011 13:32:52 +0000 Subject: [ticket/9916] Updating header license and removing Version $Id$ PHPBB3-9916 --- phpBB/includes/mcp/mcp_main.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'phpBB/includes/mcp/mcp_main.php') diff --git a/phpBB/includes/mcp/mcp_main.php b/phpBB/includes/mcp/mcp_main.php index e0a1357213..10e5956fc2 100644 --- a/phpBB/includes/mcp/mcp_main.php +++ b/phpBB/includes/mcp/mcp_main.php @@ -2,9 +2,8 @@ /** * * @package mcp -* @version $Id$ * @copyright (c) 2005 phpBB Group -* @license http://opensource.org/licenses/gpl-license.php GNU Public License +* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2 * */ -- cgit v1.2.1 From 1d72a47ea6f47ec95b201ea4a3b9a9e0ea34da9a Mon Sep 17 00:00:00 2001 From: Vjacheslav Trushkin Date: Thu, 9 Feb 2012 22:13:13 +0200 Subject: [ticket/10637] Leftovers from implementation of extensions in mcp_main Replacing code in includes/mcp/mcp_main.php that was missed in ticket 10323 PHPBB3-10637 --- phpBB/includes/mcp/mcp_main.php | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) (limited to 'phpBB/includes/mcp/mcp_main.php') diff --git a/phpBB/includes/mcp/mcp_main.php b/phpBB/includes/mcp/mcp_main.php index 10e5956fc2..a21c67924d 100644 --- a/phpBB/includes/mcp/mcp_main.php +++ b/phpBB/includes/mcp/mcp_main.php @@ -907,16 +907,11 @@ function mcp_fork_topic($topic_ids) if (!isset($search_type) && $topic_row['enable_indexing']) { // Select the search method and do some additional checks to ensure it can actually be utilised - $search_type = basename($config['search_type']); - - if (!file_exists($phpbb_root_path . 'includes/search/' . $search_type . '.' . $phpEx)) - { - trigger_error('NO_SUCH_SEARCH_MODULE'); - } + $search_type = $config['search_type']; if (!class_exists($search_type)) { - include("{$phpbb_root_path}includes/search/$search_type.$phpEx"); + trigger_error('NO_SUCH_SEARCH_MODULE'); } $error = false; -- cgit v1.2.1