diff options
| author | Paul S. Owen <psotfx@users.sourceforge.net> | 2001-06-04 00:14:26 +0000 |
|---|---|---|
| committer | Paul S. Owen <psotfx@users.sourceforge.net> | 2001-06-04 00:14:26 +0000 |
| commit | df638e5d2e1542cbaf0c3afaaafe5773122c02c9 (patch) | |
| tree | 475261e665e1540d4d722aa439f889de3f042b58 | |
| parent | 764ec889a9dd33662bec030dabdbaca753fade57 (diff) | |
| download | forums-df638e5d2e1542cbaf0c3afaaafe5773122c02c9.tar forums-df638e5d2e1542cbaf0c3afaaafe5773122c02c9.tar.gz forums-df638e5d2e1542cbaf0c3afaaafe5773122c02c9.tar.bz2 forums-df638e5d2e1542cbaf0c3afaaafe5773122c02c9.tar.xz forums-df638e5d2e1542cbaf0c3afaaafe5773122c02c9.zip | |
Fixed problem with users editing posts they did not create
git-svn-id: file:///svn/phpbb/trunk@423 89ea8834-ac86-4346-8a33-228a782c2dd0
| -rw-r--r-- | phpBB/posting.php | 28 |
1 files changed, 23 insertions, 5 deletions
diff --git a/phpBB/posting.php b/phpBB/posting.php index 4658ff2d69..3340f430d8 100644 --- a/phpBB/posting.php +++ b/phpBB/posting.php @@ -696,9 +696,27 @@ switch($mode) if($result = $db->sql_query($sql)) { - $postrow = $db->sql_fetchrowset($result); - $subject = stripslashes($postrow[0]['post_subject']); - $message = stripslashes($postrow[0]['post_text']); + $postrow = $db->sql_fetchrow($result); + + if($userdata['user_id'] != $postrow['user_id'] && !$is_auth['auth_mod']) + { + include('includes/page_header.'.$phpEx); + + $msg = "Sorry but you can only edit your own posts."; + + $template->set_filenames(array( + "reg_header" => "error_body.tpl" + )); + $template->assign_vars(array( + "ERROR_MESSAGE" => $msg + )); + $template->pparse("reg_header"); + + include('includes/page_tail.'.$phpEx); + } + + $subject = stripslashes($postrow['post_subject']); + $message = stripslashes($postrow['post_text']); if(eregi("\[addsig]$", $message)) { $attach_sig = TRUE; @@ -718,14 +736,14 @@ switch($mode) $message = preg_replace('#</textarea>#si', '</TEXTAREA>', $message); // is_first_post needs functionality! - if($postrow[0]['topic_notify'] && $is_first_post) + if($postrow['topic_notify'] && $is_first_post) { $notify = TRUE; } if($is_first_post) { - $subject = stripslashes($postrow[0]['topic_title']); + $subject = stripslashes($postrow['topic_title']); } } else |