authorHenry Sudhof <kellanved@phpbb.com>2007-06-21 15:23:47 +0000
committerHenry Sudhof <kellanved@phpbb.com>2007-06-21 15:23:47 +0000
commit409749f85770cfd4ce47962ec71681e44f03b614 (patch)
tree41dab42ee453b925c3ae3b8d10133af37aba5b6c
parent59ee46e2a963492f53cc78189b5020536338986d (diff)
#12595
git-svn-id: file:///svn/phpbb/trunk@7786 89ea8834-ac86-4346-8a33-228a782c2dd0
-rw-r--r--phpBB/docs/CHANGELOG.html1
-rw-r--r--phpBB/includes/ucp/ucp_main.php46
2 files changed, 37 insertions, 10 deletions
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index eec7dabf40..1bf08bdb07 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -292,6 +292,7 @@ p a {
<li>[Fix] Writing directories/files with correct permissions using FTP for transfers on PHP4</li>
<li>[Fix] Oracle sequences during conversions are now corrected (Bug #12555)</li>
<li>[Fix] Allow users to continue after selecting "No" in the merge quickmod confirmation (Bug #12577)</li>
+ <li>[Fix] Correctly check permissions on the UCP subscription/bookmark pages (Bug #12595)</li>
</ul>
diff --git a/phpBB/includes/ucp/ucp_main.php b/phpBB/includes/ucp/ucp_main.php
index f827187956..f542bddec9 100644
--- a/phpBB/includes/ucp/ucp_main.php
+++ b/phpBB/includes/ucp/ucp_main.php
@@ -231,8 +231,13 @@ class ucp_main
}
}
+ $forbidden_forums = array();
+
if ($config['allow_forum_notify'])
{
+ $forbidden_forums = $forbidden_forums = $auth->acl_getf('!f_read', true);
+ $forbidden_forums = array_unique(array_keys($forbidden_forums));
+
$sql_array = array(
'SELECT' => 'f.*',
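Review bot: The added line `$forbidden_forums = $forbidden_forums = $auth->acl_getf('!f_read', true);` assigns the variable twice, which looks like a paste slip. The `array_unique()` on the following line is also redundant, because `array_keys()` can never return duplicate keys. Both lines could collapse to `$forbidden_forums = array_keys($auth->acl_getf('!f_read', true));`. The same pair of lines is repeated in the hunks at `@@ -330` and `@@ -386`, so a small private helper on `ucp_main` would keep the three permission lookups from drifting apart. The enclosing method starts and ends outside this hunk.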
@@ -242,7 +247,8 @@ class ucp_main
),
'WHERE' => 'fw.user_id = ' . $user->data['user_id'] . '
- AND f.forum_id = fw.forum_id',
+ AND f.forum_id = fw.forum_id
+ AND ' . $db->sql_in_set('f.forum_id', $forbidden_forums, true, true),
'ORDER_BY' => 'left_id'
);
@@ -330,7 +336,12 @@ class ucp_main
// Subscribed Topics
if ($config['allow_topic_notify'])
{
- $this->assign_topiclist('subscribed');
+ if (empty($forbidden_forums))
+ {
+ $forbidden_forums = $auth->acl_getf('!f_read', true);
+ $forbidden_forums = array_unique(array_keys($forbidden_forums));
+ }
+ $this->assign_topiclist('subscribed', $forbidden_forums);
}
$template->assign_vars(array(
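Review bot: `empty($forbidden_forums)` is used here as a "not computed yet" marker, but an empty array is also the valid result for a user who can read every forum, so the two states cannot be told apart. In that case the ACL lookup simply runs a second time, which is harmless but makes the intent unclear. Computing the list once, unconditionally, before `if ($config['allow_forum_notify'])` would remove this branch, leaving just `$this->assign_topiclist('subscribed', $forbidden_forums);`. If the lazy form is kept, a comment such as `// not yet computed when forum notifications are disabled` would explain it.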
@@ -386,8 +397,10 @@ class ucp_main
confirm_box(false, 'REMOVE_SELECTED_BOOKMARKS', build_hidden_fields($s_hidden_fields));
}
}
-
- $this->assign_topiclist('bookmarks');
+ $forbidden_forums = $auth->acl_getf('!f_read', true);
+ $forbidden_forums = array_unique(array_keys($forbidden_forums));
+
+ $this->assign_topiclist('bookmarks', $forbidden_forums);
break;
@@ -584,16 +597,26 @@ class ucp_main
/**
* Build and assign topiclist for bookmarks/subscribed topics
*/
- function assign_topiclist($mode = 'subscribed')
+ function assign_topiclist($mode = 'subscribed', $forbidden_forum_ary = array())
{
global $user, $db, $template, $config, $auth, $phpbb_root_path, $phpEx;
$table = ($mode == 'subscribed') ? TOPICS_WATCH_TABLE : BOOKMARKS_TABLE;
$start = request_var('start', 0);
- $sql = 'SELECT COUNT(topic_id) as topics_count
- FROM ' . $table . '
- WHERE user_id = ' . $user->data['user_id'];
+ $sql_array = array(
+ 'SELECT' => 'COUNT(t.topic_id) as topics_count',
+
+ 'FROM' => array(
+ $table => 'i',
+ TOPICS_TABLE => 't'
+ ),
+
+ 'WHERE' => 'i.topic_id = t.topic_id
+ AND i.user_id = ' . $user->data['user_id'] . '
+ AND ' . $db->sql_in_set('t.forum_id', $forbidden_forum_ary, true, true),
+ );
+ $sql = $db->sql_build_query('SELECT', $sql_array);
$result = $db->sql_query($sql);
$topics_count = (int) $db->sql_fetchfield('topics_count');
$db->sql_freeresult($result);
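Review bot: The new default `$forbidden_forum_ary = array()` makes the read-permission filter opt-in. With an empty array and the fourth `sql_in_set()` argument set to true, the added condition presumably matches every row, so a caller that omits the argument gets the unfiltered count and list again. `$auth` is already in this function's `global` list, so the forbidden list could be derived here, e.g. `$forbidden_forum_ary = array_keys($auth->acl_getf('!f_read', true));`, rather than trusting each call site to pass it. The docblock should also gain a line for the new parameter saying that it holds the forum ids the user may not read. The function body continues outside this hunk.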
@@ -618,7 +641,9 @@ class ucp_main
),
'WHERE' => 'tw.user_id = ' . $user->data['user_id'] . '
- AND t.topic_id = tw.topic_id',
+ AND t.topic_id = tw.topic_id
+ AND ' . $db->sql_in_set('t.forum_id', $forbidden_forum_ary, true, true),
+
'ORDER_BY' => 't.topic_last_post_time DESC'
);
@@ -634,7 +659,8 @@ class ucp_main
BOOKMARKS_TABLE => 'b',
),
- 'WHERE' => 'b.user_id = ' . $user->data['user_id'],
+ 'WHERE' => 'b.user_id = ' . $user->data['user_id'] . '
+ AND ' . $db->sql_in_set('f.forum_id', $forbidden_forum_ary, true, true),
'ORDER_BY' => 't.topic_last_post_time DESC'
);
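Review bot: The bookmarks query filters on `f.forum_id`, while the count query and the subscribed-topics query added in this commit filter on `t.forum_id`. Only `BOOKMARKS_TABLE => 'b'` is visible in this `FROM`, so `t` and `f` must come from joins outside the hunk. If those are outer joins, a row with a NULL `f.forum_id` fails the `NOT IN` test once the forbidden list is non-empty, and the list can then disagree with `topics_count` and throw off pagination. Please confirm the join type, and consider `AND ' . $db->sql_in_set('t.forum_id', $forbidden_forum_ary, true, true),` so that both queries test the same column.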