diff options
| author | Henry Sudhof <kellanved@phpbb.com> | 2009-08-03 13:32:52 +0000 |
|---|---|---|
| committer | Henry Sudhof <kellanved@phpbb.com> | 2009-08-03 13:32:52 +0000 |
| commit | d376811e7faf1f947645c9bfedd235c6ae9e3227 (patch) | |
| tree | a450d982effe30daa7bf9442bffb35b002960964 | |
| parent | c748d865b2665147453844980b8db3c98244dbf6 (diff) | |
| download | forums-d376811e7faf1f947645c9bfedd235c6ae9e3227.tar forums-d376811e7faf1f947645c9bfedd235c6ae9e3227.tar.gz forums-d376811e7faf1f947645c9bfedd235c6ae9e3227.tar.bz2 forums-d376811e7faf1f947645c9bfedd235c6ae9e3227.tar.xz forums-d376811e7faf1f947645c9bfedd235c6ae9e3227.zip | |
require link hash for switchperm
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9915 89ea8834-ac86-4346-8a33-228a782c2dd0
| -rw-r--r-- | phpBB/memberlist.php | 2 | ||||
| -rw-r--r-- | phpBB/ucp.php | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index ccd215c590..51301d6ffe 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -580,7 +580,7 @@ switch ($mode) 'U_USER_BAN' => ($auth->acl_get('m_ban') && $user_id != $user->data['user_id']) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=ban&mode=user&u=' . $user_id, true, $user->session_id) : '', 'U_MCP_QUEUE' => ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue', true, $user->session_id) : '', - 'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_id) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_id}") : '', + 'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_id) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_id}&hash=" . generate_link_hash('switchperm')) : '', 'S_USER_NOTES' => ($user_notes_enabled) ? true : false, 'S_WARN_USER' => ($warn_user_enabled) ? true : false, diff --git a/phpBB/ucp.php b/phpBB/ucp.php index b808049187..061933fb0c 100644 --- a/phpBB/ucp.php +++ b/phpBB/ucp.php @@ -186,7 +186,7 @@ switch ($mode) $user_row = $db->sql_fetchrow($result); $db->sql_freeresult($result); - if (!$auth->acl_get('a_switchperm') || !$user_row || $user_id == $user->data['user_id']) + if (!$auth->acl_get('a_switchperm') || !$user_row || $user_id == $user->data['user_id'] || !check_link_hash(request_var('hash', ''), 'switchperm')) { redirect(append_sid("{$phpbb_root_path}index.$phpEx")); } |