author | Joas Schilling <nickvergessen@gmx.de> | 2012-10-15 13:17:05 +0200 |
---|---|---|
committer | Joas Schilling <nickvergessen@gmx.de> | 2012-10-15 13:17:05 +0200 |
commit | a58a76ef5f496ea57f655e34c6d973b2639619c0 (patch) | |
tree | 06bd8ff0c4dad4c19322c4da390a63ba90883b35 | |
parent | 4bf922fa03ae80533c726bd10aeab1f0bad0d179 (diff) | |
[feature/soft-delete] Fix permission check in viewtopic.php
PHPBB3-9567
-rw-r--r-- | phpBB/viewtopic.php | 18 |
1 files changed, 7 insertions, 11 deletions
diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php
index f05d94b8af..59081163dd 100644
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@@ -248,6 +248,13 @@ if (!$topic_data)
 }
 $forum_id = (int) $topic_data['forum_id'];
+
+// Now we know the forum_id and can check the permissions
+if ($topic_data['topic_visibility'] != ITEM_APPROVED && !$auth->acl_get('m_approve', $forum_id))
+{
+ trigger_error('NO_TOPIC');
+}
+
 // This is for determining where we are (page)
 if ($post_id)
 {
@@ -320,17 +327,6 @@ if (($topic_data['topic_type'] == POST_STICKY || $topic_data['topic_type'] == PO
 // Setup look and feel
 $user->setup('viewtopic', $topic_data['forum_style']);
-/* the topic "does not exist":
-* if the topic is unapproved and the user cannot approve it
-* if the topic is deleted and the user cannot restore it
-* NB: restoring a topic has two cases: moderator restore and poster restore.
-*/
-if (($topic_data['topic_visibility'] == ITEM_UNAPPROVED && !$auth->acl_get('m_approve', $forum_id))
- || ($topic_data['topic_visibility'] == ITEM_DELETED && (!$auth->acl_get('m_restore', $forum_id) || ($user->data['user_id'] == $topic_data['topic_poster'] && $auth->acl_get('f_restore', $forum_id)))))
-{
- trigger_error('NO_TOPIC');
-}
-
 // Start auth check
 if (!$auth->acl_get('f_read', $forum_id))
 { |
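Review bot: The new guard after `$forum_id` is assigned gates every non-approved visibility state on `m_approve` alone, whereas the block removed in the second hunk tested `m_restore` and `f_restore` for `ITEM_DELETED`. As written, a soft-deleted topic is viewable by anyone holding `m_approve` and reports `NO_TOPIC` to a moderator who holds only `m_restore`; whether that is the intended model for the soft-delete feature cannot be told from this page. If it is intended, the comment should record it, e.g. `// Unapproved and soft-deleted topics "do not exist" for users without m_approve`; if not, the deleted state needs its own permission test here. Assuming `ITEM_APPROVED` is an integer constant, `(int) $topic_data['topic_visibility'] !== ITEM_APPROVED` would keep the check fail-closed without relying on loose string/int comparison.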