authorHari Sankar R <hsr@theinglorio.us>2012-04-03 22:15:59 +0530
committerHari Sankar R <hsr@theinglorio.us>2012-04-03 22:15:59 +0530
commit084e1ae5603f4204945d25afcfabaeb1198df20f (patch)
tree64bd11fbfe0e24dbe4c6f57deb75d62c11119dae /phpBB/includes/functions.php
parent3477b5e5a8c419f28d477a4764f5d29f3b04dc79 (diff)
[ticket/10561] All users can choose deactivated styles (fixed).
A form exploit allowed users to select a deactivated style. Fixed by adding an extra check on submit, using a new function styles_verify that checks whether the selected style is activated. PHPBB3-10561
Diffstat (limited to 'phpBB/includes/functions.php')
-rw-r--r--phpBB/includes/functions.php18
1 files changed, 18 insertions, 0 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php
index 0320230a7d..530638c56b 100644
--- a/phpBB/includes/functions.php
+++ b/phpBB/includes/functions.php
@@ -1239,6 +1239,24 @@ function style_select($default = '', $all = false)
}
/**
+* Check if style is activated
+*/
+function style_verify($style_id = 0)
+{
+ global $db;
+
+ $sql = 'SELECT style_id, style_active
+ FROM ' . STYLES_TABLE . "
+ WHERE style_id = $style_id";
+ $result = $db->sql_query($sql);
+
+ $style_verified = $db->sql_fetchrow($result);
+ $db->sql_freeresult($result);
+
+ return $style_verified['style_active'];
+}
+
+/**
* Pick a timezone
*/
function tz_select($default = '', $truncate = false)
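Review bot: `style_verify()` interpolates `$style_id` directly into the `WHERE` clause, and the commit message says the value originates from a submitted form, so unless every caller has already cast it to an integer this is an SQL injection sink; casting inside the function removes the dependency on callers: `WHERE style_id = " . (int) $style_id;`. The return line also indexes the result of `sql_fetchrow()` without checking it, so an id that matches no row yields null instead of an explicit false; `return ($style_verified) ? (bool) $style_verified['style_active'] : false;` makes "unknown style is not selectable" a stated outcome rather than a side effect of loose comparison at the call site. The docblock would be more useful with `@param int $style_id` and `@return bool` and a line saying that a missing style counts as not activated.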