diff options
| author | Jakub Senko <jakubsenko@gmail.com> | 2016-05-29 12:42:57 +0200 |
|---|---|---|
| committer | Jakub Senko <jakubsenko@gmail.com> | 2016-09-01 08:48:37 +0200 |
| commit | 4b6c2c8cde0b87d32f8df8af87239580ddc340c4 (patch) | |
| tree | 22b13f4776b5111624efedcc73d1b3dc0877117a /phpBB/includes/acp/acp_permissions.php | |
| parent | dff950162cd4d79d5e199e833e46a98d381397dc (diff) | |
| download | forums-4b6c2c8cde0b87d32f8df8af87239580ddc340c4.tar forums-4b6c2c8cde0b87d32f8df8af87239580ddc340c4.tar.gz forums-4b6c2c8cde0b87d32f8df8af87239580ddc340c4.tar.bz2 forums-4b6c2c8cde0b87d32f8df8af87239580ddc340c4.tar.xz forums-4b6c2c8cde0b87d32f8df8af87239580ddc340c4.zip | |
[ticket/10961] Send HTTP 403 when applicable
PHPBB3-10961
Diffstat (limited to 'phpBB/includes/acp/acp_permissions.php')
| -rw-r--r-- | phpBB/includes/acp/acp_permissions.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/phpBB/includes/acp/acp_permissions.php b/phpBB/includes/acp/acp_permissions.php index fdac7c4d00..df3e238bcc 100644 --- a/phpBB/includes/acp/acp_permissions.php +++ b/phpBB/includes/acp/acp_permissions.php @@ -315,6 +315,7 @@ class acp_permissions case 'apply_permissions': if (!isset($_POST['setting'])) { + send_status_line(403, 'Forbidden'); trigger_error($user->lang['NO_AUTH_SETTING_FOUND'] . adm_back_link($this->u_action), E_USER_WARNING); } if (!check_form_key($form_name)) @@ -328,6 +329,7 @@ class acp_permissions case 'apply_all_permissions': if (!isset($_POST['setting'])) { + send_status_line(403, 'Forbidden'); trigger_error($user->lang['NO_AUTH_SETTING_FOUND'] . adm_back_link($this->u_action), E_USER_WARNING); } if (!check_form_key($form_name)) @@ -687,6 +689,7 @@ class acp_permissions // Check the permission setting again if (!$auth->acl_get('a_' . str_replace('_', '', $permission_type) . 'auth') || !$auth->acl_get('a_auth' . $ug_type . 's')) { + send_status_line(403, 'Forbidden'); trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING); } @@ -772,6 +775,7 @@ class acp_permissions // Check the permission setting again if (!$auth->acl_get('a_' . str_replace('_', '', $permission_type) . 'auth') || !$auth->acl_get('a_auth' . $ug_type . 's')) { + send_status_line(403, 'Forbidden'); trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING); } @@ -884,6 +888,7 @@ class acp_permissions // Check the permission setting again if (!$auth->acl_get('a_' . str_replace('_', '', $permission_type) . 'auth') || !$auth->acl_get('a_auth' . $ug_type . 's')) { + send_status_line(403, 'Forbidden'); trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING); } |