authorMeik Sievertsen <acydburn@phpbb.com>2008-03-21 10:50:11 +0000
committerMeik Sievertsen <acydburn@phpbb.com>2008-03-21 10:50:11 +0000
commit312bd1a670d45053ffbb96299eb7c3e2c8467a30 (patch)
tree5d0e576879e0ee0e82e17abc44a01a2fab2ac281
parent02a5032a52784339e75d0d3fc9c24e92e235c26b (diff)
merging, revisions #r8453 and #r8454
git-svn-id: file:///svn/phpbb/trunk@8455 89ea8834-ac86-4346-8a33-228a782c2dd0
-rw-r--r--phpBB/download/file.php25
-rw-r--r--phpBB/includes/acp/acp_prune.php10
2 files changed, 34 insertions, 1 deletions
diff --git a/phpBB/download/file.php b/phpBB/download/file.php
index 8189e900e4..570625cee5 100644
--- a/phpBB/download/file.php
+++ b/phpBB/download/file.php
@@ -208,8 +208,32 @@ else
$row['forum_id'] = false;
if (!$auth->acl_get('u_pm_download'))
{
+ header('HTTP/1.0 403 forbidden');
trigger_error('SORRY_AUTH_VIEW_ATTACH');
}
+
+ // Check if the attachment is within the users scope...
+ $sql = 'SELECT user_id, author_id
+ FROM ' . PRIVMSGS_TO_TABLE . '
+ WHERE msg_id = ' . $attachment['post_msg_id'];
+ $result = $db->sql_query($sql);
+
+ $allowed = false;
+ while ($user_row = $db->sql_fetchrow($result))
+ {
+ if ($user->data['user_id'] == $user_row['user_id'] || $user->data['user_id'] == $user_row['author_id'])
+ {
+ $allowed = true;
+ break;
+ }
+ }
+ $db->sql_freeresult($result);
+
+ if (!$allowed)
+ {
+ header('HTTP/1.0 403 forbidden');
+ trigger_error('ERROR_NO_ATTACHMENT');
+ }
}
// disallowed?
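Review bot: `$attachment['post_msg_id']` is concatenated into the new PRIVMSGS_TO_TABLE query at the `WHERE msg_id = ` line without a cast; it appears to come from a previously fetched attachment row rather than from the request, but this query is the authorisation decision for PM attachments, so it should not depend on what that column holds: `WHERE msg_id = ' . (int) $attachment['post_msg_id'];`, consistent with the `(int)` casts used elsewhere in this commit. The loop fetches every recipient row and compares ids in PHP; restricting the query to the current user (`AND (user_id = <uid> OR author_id = <uid>)` with the id cast to int) and testing for a single row would fetch less and keep the access decision in the SQL itself. The same status line is added again in this file's second hunk; the reason phrase is conventionally capitalised (`header('HTTP/1.0 403 Forbidden');`), and hard-coding HTTP/1.0 ignores the request's protocol, which is harmless here but worth knowing. The enclosing `else` branch starts before the hunk.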
@@ -222,6 +246,7 @@ else
if (!download_allowed())
{
+ header('HTTP/1.0 403 forbidden');
trigger_error($user->lang['LINKAGE_FORBIDDEN']);
}
diff --git a/phpBB/includes/acp/acp_prune.php b/phpBB/includes/acp/acp_prune.php
index 308f83387c..a82a438db7 100644
--- a/phpBB/includes/acp/acp_prune.php
+++ b/phpBB/includes/acp/acp_prune.php
@@ -405,7 +405,15 @@ class acp_prune
$where_sql .= ($email) ? ' AND user_email ' . $db->sql_like_expression(str_replace('*', $db->any_char, $email)) . ' ' : '';
$where_sql .= (sizeof($joined)) ? " AND user_regdate " . $key_match[$joined_select] . ' ' . gmmktime(0, 0, 0, (int) $joined[1], (int) $joined[2], (int) $joined[0]) : '';
$where_sql .= ($count !== '') ? " AND user_posts " . $key_match[$count_select] . ' ' . (int) $count . ' ' : '';
- $where_sql .= (sizeof($active)) ? " AND user_lastvisit " . $key_match[$active_select] . " " . gmmktime(0, 0, 0, (int) $active[1], (int) $active[2], (int) $active[0]) : '';
+
+ if (sizeof($active) && $active_select != 'lt')
+ {
+ $where_sql .= ' AND user_lastvisit ' . $key_match[$active_select] . ' ' . gmmktime(0, 0, 0, (int) $active[1], (int) $active[2], (int) $active[0]);
+ }
+ else if (sizeof($active))
+ {
+ $where_sql .= ' AND (user_lastvisit > 0 AND user_lastvisit < ' . gmmktime(0, 0, 0, (int) $active[1], (int) $active[2], (int) $active[0]) . ')';
+ }
}
// Protect the admin, do not prune if no options are given...
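Review bot: The two new branches at `if (sizeof($active) && $active_select != 'lt')` and `else if (sizeof($active))` evaluate the same `gmmktime(...)` expression twice and test `sizeof($active)` twice; hoisting the timestamp into a local and nesting the `lt` decision inside a single `if (sizeof($active))` leaves one place to change. The `user_lastvisit > 0` guard in the `lt` branch is the substantive change and deserves a comment, because a reader will otherwise wonder why only that operator is special-cased; presumably it keeps accounts that never logged in (`user_lastvisit` of 0) out of a "last active before date" prune, which should be confirmed against the column's semantics. The enclosing method starts before the hunk and continues after it.
```php
if (sizeof($active))
{
	$active_ts = gmmktime(0, 0, 0, (int) $active[1], (int) $active[2], (int) $active[0]);

	// NOTE(review): user_lastvisit is presumably 0 for accounts that never logged in;
	// a plain "<" would sweep all of them into a "last active before" prune - confirm
	$where_sql .= ($active_select == 'lt')
		? ' AND (user_lastvisit > 0 AND user_lastvisit < ' . $active_ts . ')'
		: ' AND user_lastvisit ' . $key_match[$active_select] . ' ' . $active_ts;
}
```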