authorMarc Alexander <admin@m-a-styles.de>2018-10-27 23:48:53 +0200
committerMarc Alexander <admin@m-a-styles.de>2018-10-27 23:48:53 +0200
commit20393592d7c58a548853015cfbf489ea964f3c0f (patch)
tree4541703c5714f3843b83f4a84f1836b49c0c6ded
parent0cded66ff2833da9afaf06b1418d9b9322a890fa (diff)
parentf657ee51f89fcc0561155069c00957c46f31d96c (diff)
Merge pull request #5387 from senky/ticket/15593
[ticket/15593] Do not allow print view with direct URL
-rw-r--r--phpBB/includes/ucp/ucp_pm.php6
-rw-r--r--phpBB/language/en/ucp.php1
-rw-r--r--phpBB/language/en/viewtopic.php1
-rw-r--r--phpBB/viewtopic.php6
4 files changed, 14 insertions, 0 deletions
diff --git a/phpBB/includes/ucp/ucp_pm.php b/phpBB/includes/ucp/ucp_pm.php
index d145d66f59..fa374c15c8 100644
--- a/phpBB/includes/ucp/ucp_pm.php
+++ b/phpBB/includes/ucp/ucp_pm.php
@@ -170,6 +170,12 @@ class ucp_pm
trigger_error('NO_AUTH_READ_MESSAGE');
}
+ if ($view == 'print' && (!$config['print_pm'] || !$auth->acl_get('u_pm_printpm')))
+ {
+ send_status_line(403, 'Forbidden');
+ trigger_error('NO_AUTH_PRINT_MESSAGE');
+ }
+
// Do not allow hold messages to be seen
if ($folder_id == PRIVMSGS_HOLD_BOX)
{
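Review bot: The guard added at `if ($view == 'print' && (!$config['print_pm'] || !$auth->acl_get('u_pm_printpm')))` has no comment saying that it is the server-side enforcement for a print view requested by direct URL, so it could be mistaken for a redundant check and dropped in a later cleanup. I would put `// Enforce print permission server-side so a direct view=print URL is rejected too` above it. The commit touches four files and none of them is a test, so nothing asserts the 403 for a user without `u_pm_printpm` or with `print_pm` disabled; a functional test for both cases would keep this access check from regressing. The enclosing method starts and ends outside the hunk, so whether `$view` is always a string here (which would make `$view === 'print'` a safe tightening) cannot be confirmed from these lines.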
diff --git a/phpBB/language/en/ucp.php b/phpBB/language/en/ucp.php
index 5056e23d24..64b624ff3f 100644
--- a/phpBB/language/en/ucp.php
+++ b/phpBB/language/en/ucp.php
@@ -377,6 +377,7 @@ $lang = array_merge($lang, array(
'NO_AUTH_PROFILEINFO' => 'You are not authorised to change your profile information.',
'NO_AUTH_READ_HOLD_MESSAGE' => 'You are not authorised to read private messages that are on hold.',
'NO_AUTH_READ_MESSAGE' => 'You are not authorised to read private messages.',
+ 'NO_AUTH_PRINT_MESSAGE' => 'You are not authorised to print private messages.',
'NO_AUTH_READ_REMOVED_MESSAGE' => 'You are not able to read this message because it was removed by the author.',
'NO_AUTH_SEND_MESSAGE' => 'You are not authorised to send private messages.',
'NO_AUTH_SIGNATURE' => 'You are not authorised to define a signature.',
diff --git a/phpBB/language/en/viewtopic.php b/phpBB/language/en/viewtopic.php
index 5890eecdb6..5d127acb3d 100644
--- a/phpBB/language/en/viewtopic.php
+++ b/phpBB/language/en/viewtopic.php
@@ -88,6 +88,7 @@ $lang = array_merge($lang, array(
'NO_UNREAD_POSTS' => 'There are no new unread posts for this topic.',
'NO_VOTE_OPTION' => 'You must specify an option when voting.',
'NO_VOTES' => 'No votes',
+ 'NO_AUTH_PRINT_TOPIC' => 'You are not authorised to print topics.',
'POLL_ENDED_AT' => 'Poll ended at %s',
'POLL_RUN_TILL' => 'Poll runs till %s',
diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php
index 55b41aa7fa..0cbb5284c7 100644
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@@ -342,6 +342,12 @@ if (($topic_data['topic_type'] != POST_NORMAL) && $topic_data['topic_time_limit'
// Setup look and feel
$user->setup('viewtopic', $topic_data['forum_style']);
+if ($view == 'print' && !$auth->acl_get('f_print', $forum_id))
+{
+ send_status_line(403, 'Forbidden');
+ trigger_error('NO_AUTH_PRINT_TOPIC');
+}
+
$overrides_f_read_check = false;
$overrides_forum_password_check = false;
$topic_tracking_info = isset($topic_tracking_info) ? $topic_tracking_info : null;
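Review bot: The print guard at `if ($view == 'print' && !$auth->acl_get('f_print', $forum_id))` runs before the code that the following `$overrides_f_read_check` and `$overrides_forum_password_check` lines appear to introduce, so it is probably evaluated ahead of the forum read and password checks. If that is the case, a request with `view=print` from a user who cannot read the forum gets the print-specific 403 and `NO_AUTH_PRINT_TOPIC` message instead of the normal read-denied or login handling, which gives a different response for the same topic depending on one query parameter. I would either move the guard below the read and password checks, or keep it here and document the order with `// Checked before f_read on purpose: print is denied regardless of read access`. The read check itself is outside the hunk, so this ordering should be confirmed against the full file.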