Do not permit unauthorised users to delete private messages from folder listing. #54355

git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10322 89ea8834-ac86-4346-8a33-228a782c2dd0
author: Chris Smith <toonarmy@phpbb.com> 2009-12-11 22:27:00 +0000
committer: Chris Smith <toonarmy@phpbb.com> 2009-12-11 22:27:00 +0000
commit: f150bb82819349d2bea5b8bd042e078acbe424d9 (patch)
tree: bade0120e28f4c505e44b8d140baede9ea441418 /phpBB/includes/functions_privmsgs.php
parent: c9b343b2c842d3301ce82bf837f004b3afe7e089 (diff)
download: forums-f150bb82819349d2bea5b8bd042e078acbe424d9.tar
forums-f150bb82819349d2bea5b8bd042e078acbe424d9.tar.gz
forums-f150bb82819349d2bea5b8bd042e078acbe424d9.tar.bz2
forums-f150bb82819349d2bea5b8bd042e078acbe424d9.tar.xz
forums-f150bb82819349d2bea5b8bd042e078acbe424d9.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php
index c93b6a6bba..4fc5034f7b 100644
--- a/phpBB/includes/functions_privmsgs.php
+++ b/phpBB/includes/functions_privmsgs.php
@@ -894,6 +894,13 @@ function handle_mark_actions($user_id, $mark_action)
 
 		case 'delete_marked':
 
+			global $auth;
+
+			if (!$auth->acl_get('u_pm_delete'))
+			{
+				trigger_error('NO_AUTH_DELETE_MESSAGE');
+			}
+
 			if (confirm_box(true))
 			{
 				delete_pm($user_id, $msg_ids, $cur_folder_id);
author	Chris Smith <toonarmy@phpbb.com>	2009-12-11 22:27:00 +0000
committer	Chris Smith <toonarmy@phpbb.com>	2009-12-11 22:27:00 +0000
commit	f150bb82819349d2bea5b8bd042e078acbe424d9 (patch)
tree	bade0120e28f4c505e44b8d140baede9ea441418 /phpBB/includes/functions_privmsgs.php
parent	c9b343b2c842d3301ce82bf837f004b3afe7e089 (diff)
download	forums-f150bb82819349d2bea5b8bd042e078acbe424d9.tar forums-f150bb82819349d2bea5b8bd042e078acbe424d9.tar.gz forums-f150bb82819349d2bea5b8bd042e078acbe424d9.tar.bz2 forums-f150bb82819349d2bea5b8bd042e078acbe424d9.tar.xz forums-f150bb82819349d2bea5b8bd042e078acbe424d9.zip