aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJakub Senko <jakubsenko@gmail.com>2019-05-28 10:15:59 +0200
committerJakub Senko <jakubsenko@gmail.com>2019-05-28 10:15:59 +0200
commit9e985af1e885c5f99d7944f2367547b58b810569 (patch)
treef550ba7fad1ae65f18203b760bf2c37b44792479
parent97e92f52d7b60ec7194bbee772ab14592c551e82 (diff)
downloadforums-9e985af1e885c5f99d7944f2367547b58b810569.tar
forums-9e985af1e885c5f99d7944f2367547b58b810569.tar.gz
forums-9e985af1e885c5f99d7944f2367547b58b810569.tar.bz2
forums-9e985af1e885c5f99d7944f2367547b58b810569.tar.xz
forums-9e985af1e885c5f99d7944f2367547b58b810569.zip
[ticket/15932] Disallow deleting locked attachments
PHPBB3-15932
-rw-r--r--phpBB/includes/ucp/ucp_attachments.php30
-rw-r--r--phpBB/language/en/ucp.php1
-rw-r--r--phpBB/styles/prosilver/template/ucp_attachments.html2
3 files changed, 24 insertions, 9 deletions
diff --git a/phpBB/includes/ucp/ucp_attachments.php b/phpBB/includes/ucp/ucp_attachments.php
index c1b623cd71..7808fed325 100644
--- a/phpBB/includes/ucp/ucp_attachments.php
+++ b/phpBB/includes/ucp/ucp_attachments.php
@@ -29,7 +29,7 @@ class ucp_attachments
function main($id, $mode)
{
- global $template, $user, $db, $config, $phpEx, $phpbb_root_path, $phpbb_container, $request;
+ global $template, $user, $db, $config, $phpEx, $phpbb_root_path, $phpbb_container, $request, $auth;
$start = $request->variable('start', 0);
$sort_key = $request->variable('sk', 'a');
@@ -41,16 +41,27 @@ class ucp_attachments
if ($delete && count($delete_ids))
{
// Validate $delete_ids...
- $sql = 'SELECT attach_id
- FROM ' . ATTACHMENTS_TABLE . '
- WHERE poster_id = ' . $user->data['user_id'] . '
- AND is_orphan = 0
- AND ' . $db->sql_in_set('attach_id', $delete_ids);
+ $sql = 'SELECT a.attach_id, p.post_edit_locked, t.topic_status, f.forum_id, f.forum_status
+ FROM ' . ATTACHMENTS_TABLE . ' a
+ LEFT JOIN ' . POSTS_TABLE . ' p
+ ON (a.post_msg_id = p.post_id AND a.in_message = 0)
+ LEFT JOIN ' . TOPICS_TABLE . ' t
+ ON (t.topic_id = p.topic_id AND a.in_message = 0)
+ LEFT JOIN ' . FORUMS_TABLE . ' f
+ ON (f.forum_id = t.forum_id AND a.in_message = 0)
+ WHERE a.poster_id = ' . $user->data['user_id'] . '
+ AND a.is_orphan = 0
+ AND ' . $db->sql_in_set('a.attach_id', $delete_ids);
$result = $db->sql_query($sql);
$delete_ids = array();
while ($row = $db->sql_fetchrow($result))
{
+ if (!$auth->acl_get('m_edit', $row['forum_id']) && ($row['forum_status'] == ITEM_LOCKED || $row['topic_status'] == ITEM_LOCKED || $row['post_edit_locked']))
+ {
+ continue;
+ }
+
$delete_ids[] = $row['attach_id'];
}
$db->sql_freeresult($result);
@@ -124,10 +135,12 @@ class ucp_attachments
$pagination = $phpbb_container->get('pagination');
$start = $pagination->validate_start($start, $config['topics_per_page'], $num_attachments);
- $sql = 'SELECT a.*, t.topic_title, p.message_subject as message_title
+ $sql = 'SELECT a.*, t.topic_title, pr.message_subject as message_title, p.post_edit_locked, t.topic_status, f.forum_id, f.forum_status
FROM ' . ATTACHMENTS_TABLE . ' a
+ LEFT JOIN ' . POSTS_TABLE . ' p ON (a.post_msg_id = p.post_id AND a.in_message = 0)
LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id AND a.in_message = 0)
- LEFT JOIN ' . PRIVMSGS_TABLE . ' p ON (a.post_msg_id = p.msg_id AND a.in_message = 1)
+ LEFT JOIN ' . FORUMS_TABLE . ' f ON (f.forum_id = t.forum_id AND a.in_message = 0)
+ LEFT JOIN ' . PRIVMSGS_TABLE . ' pr ON (a.post_msg_id = pr.msg_id AND a.in_message = 1)
WHERE a.poster_id = ' . $user->data['user_id'] . "
AND a.is_orphan = 0
ORDER BY $order_by";
@@ -164,6 +177,7 @@ class ucp_attachments
'TOPIC_ID' => $row['topic_id'],
'S_IN_MESSAGE' => $row['in_message'],
+ 'S_LOCKED' => !$row['in_message'] && !$auth->acl_get('m_edit', $row['forum_id']) && ($row['forum_status'] == ITEM_LOCKED || $row['topic_status'] == ITEM_LOCKED || $row['post_edit_locked']),
'U_VIEW_ATTACHMENT' => append_sid("{$phpbb_root_path}download/file.$phpEx", 'id=' . $row['attach_id']),
'U_VIEW_TOPIC' => $view_topic)
diff --git a/phpBB/language/en/ucp.php b/phpBB/language/en/ucp.php
index 2622fb57b7..a754b4114e 100644
--- a/phpBB/language/en/ucp.php
+++ b/phpBB/language/en/ucp.php
@@ -89,6 +89,7 @@ $lang = array_merge($lang, array(
'ATTACHMENTS_EXPLAIN' => 'This is a list of attachments you have made in posts to this board.',
'ATTACHMENTS_DELETED' => 'Attachments successfully deleted.',
'ATTACHMENT_DELETED' => 'Attachment successfully deleted.',
+ 'ATTACHMENT_LOCKED' => 'This topic is locked, you cannot delete the attachment.',
'AUTOLOGIN_SESSION_KEYS_DELETED'=> 'The selected "Remember Me" login keys were successfully deleted.',
'AVATAR_CATEGORY' => 'Category',
'AVATAR_DRIVER_GRAVATAR_TITLE' => 'Gravatar',
diff --git a/phpBB/styles/prosilver/template/ucp_attachments.html b/phpBB/styles/prosilver/template/ucp_attachments.html
index 696f621116..cfdbf9c7ea 100644
--- a/phpBB/styles/prosilver/template/ucp_attachments.html
+++ b/phpBB/styles/prosilver/template/ucp_attachments.html
@@ -44,7 +44,7 @@
</dt>
<dd class="extra">{attachrow.DOWNLOAD_COUNT}</dd>
<dd class="time"><span>{attachrow.POST_TIME}</span></dd>
- <dd class="mark"><input type="checkbox" name="attachment[{attachrow.ATTACH_ID}]" value="1" /></dd>
+ <dd class="mark"><input type="checkbox" name="attachment[{attachrow.ATTACH_ID}]" value="1"{% if attachrow.S_LOCKED %} disabled title="{{ lang('ATTACHMENT_LOCKED') }}"{% endif %} /></dd>
</dl>
</li>
<!-- END attachrow -->