authorRahul R <rahulr92@gmail.com>2012-04-05 00:39:52 +0530
committerRahul R <rahulr92@gmail.com>2012-04-08 10:34:00 +0530
commit4bb20d7ceaf4d8f2cf19fa7f79ba239156326045 (patch)
tree51d57b8aa7040ebbdb8ea6ac3b01c8a2b5e7473c /phpBB/includes/functions_display.php
parent720fc46807f92364321bcb26291eafea1688c5ca (diff)
[ticket/10650]Added permission checking and utf8 functions
Passworded forums and ones in which the user doesn't have read access will be excluded. Also, utf8-based string functions and html encode/decode functions have been used to sanitise the subject. PHPBB3-10650
Diffstat (limited to 'phpBB/includes/functions_display.php')
-rw-r--r--phpBB/includes/functions_display.php8
1 files changed, 4 insertions, 4 deletions
diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php
index b331ed7d71..8e0005eadf 100644
--- a/phpBB/includes/functions_display.php
+++ b/phpBB/includes/functions_display.php
@@ -397,9 +397,9 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
if ($row['forum_last_post_id'])
{
$last_post_subject = $row['forum_last_post_subject'];
- if (strlen($last_post_subject) > 30)
- {
- $last_post_subject = substr($last_post_subject, 0, 30);
+ if (utf8_strlen(htmlspecialchars_decode($last_post_subject)) > 30)
+ {
+ $last_post_subject = htmlspecialchars(utf8_substr(htmlspecialchars_decode($last_post_subject, 0, 30)));
$last_post_subject .= '...';
}
$last_post_time = $user->format_date($row['forum_last_post_time']);
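Review bot: The closing parenthesis on the new truncation line is misplaced, so `0, 30` is passed to `htmlspecialchars_decode()` instead of `utf8_substr()`. As written, the decode call receives `0` as its flags argument plus one argument too many, and `utf8_substr()` gets no offset or length, so the subject is not cut to 30 characters as intended. The line should read `$last_post_subject = htmlspecialchars(utf8_substr(htmlspecialchars_decode($last_post_subject), 0, 30));`, which keeps the decode, truncate, re-encode order so that no entity is cut in half and the value stays escaped for output. It is also worth confirming that the default flags of the decode and encode calls match how the subject was escaped when it was stored. The body of display_forums continues outside the hunk.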
@@ -456,7 +456,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
'S_LOCKED_FORUM' => ($row['forum_status'] == ITEM_LOCKED) ? true : false,
'S_LIST_SUBFORUMS' => ($row['display_subforum_list']) ? true : false,
'S_SUBFORUMS' => (sizeof($subforums_list)) ? true : false,
- 'S_DISPLAY_SUBJECT' => ($row['display_last_subject']) ? true : false,
+ 'S_DISPLAY_SUBJECT' => ($row['display_last_subject'] && !$row['forum_password'] && $auth->acl_get('f_read', $row['forum_id'])) ? true : false,
'S_FEED_ENABLED' => ($config['feed_forum'] && !phpbb_optionget(FORUM_OPTION_FEED_EXCLUDE, $row['forum_options']) && $row['forum_type'] == FORUM_POST) ? true : false,
'FORUM_ID' => $row['forum_id'],
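Review bot: The new permission test in `S_DISPLAY_SUBJECT` only sets a template flag, so hiding the subject depends on every style honouring that flag. If the subject text is still assigned to the template elsewhere in this array (not visible in this hunk), it would be safer to also blank it where it is built when the check fails, e.g. `if ($row['forum_password'] || !$auth->acl_get('f_read', $row['forum_id'])) { $last_post_subject = ''; }`. A short comment such as `// Hide the last post subject for passworded or unreadable forums` would also help, since the condition is now long. The array literal and display_forums continue outside the hunk.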