diff options
| author | Meik Sievertsen <acydburn@phpbb.com> | 2007-07-14 15:44:10 +0000 |
|---|---|---|
| committer | Meik Sievertsen <acydburn@phpbb.com> | 2007-07-14 15:44:10 +0000 |
| commit | 3585dbd42c114a63d585e68e14f52f2a2918632a (patch) | |
| tree | b77e4cb7c5655a2e9ad44f48346bcec1894e4d39 /phpBB/includes/mcp/mcp_logs.php | |
| parent | e16e766409378978d4f3401613a78e0428f2a46a (diff) | |
| download | forums-3585dbd42c114a63d585e68e14f52f2a2918632a.tar forums-3585dbd42c114a63d585e68e14f52f2a2918632a.tar.gz forums-3585dbd42c114a63d585e68e14f52f2a2918632a.tar.bz2 forums-3585dbd42c114a63d585e68e14f52f2a2918632a.tar.xz forums-3585dbd42c114a63d585e68e14f52f2a2918632a.zip | |
a bunch of fixes
git-svn-id: file:///svn/phpbb/trunk@7884 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/mcp/mcp_logs.php')
| -rwxr-xr-x | phpBB/includes/mcp/mcp_logs.php | 66 |
1 files changed, 42 insertions, 24 deletions
diff --git a/phpBB/includes/mcp/mcp_logs.php b/phpBB/includes/mcp/mcp_logs.php index cec097cd8a..514aba5718 100755 --- a/phpBB/includes/mcp/mcp_logs.php +++ b/phpBB/includes/mcp/mcp_logs.php @@ -55,51 +55,69 @@ class mcp_logs $this->tpl_name = 'mcp_logs'; $this->page_title = 'MCP_LOGS'; + $forum_list = get_forum_list('m_'); + $forum_list[] = 0; + $forum_id = $topic_id = 0; + switch ($mode) { case 'front': - $where_sql = ''; break; case 'forum_logs': $forum_id = request_var('f', 0); - $where_sql = " AND forum_id = $forum_id"; + + if (!in_array($forum_id, $forum_list)) + { + trigger_error('NOT_AUTHORISED'); + } + + $forum_list = array($forum_id); break; case 'topic_logs': $topic_id = request_var('t', 0); - $where_sql = " AND topic_id = $topic_id"; + + $sql = 'SELECT forum_id + FROM ' . TOPICS_TABLE . ' + WHERE topic_id = ' . $topic_id; + $result = $db->sql_query($sql); + $forum_id = (int) $db->sql_fetchfield('forum_id'); + $db->sql_freeresult($result); + + if (!in_array($forum_id, $forum_list)) + { + trigger_error('NOT_AUTHORISED'); + } + + $forum_list = array($forum_id); break; } // Delete entries if requested and able if (($deletemark || $deleteall) && $auth->acl_get('a_clearlogs')) { - if ($deletemark) + if ($deletemark && sizeof($marked)) { - if (!sizeof($marked)) - { - $where_sql = ''; - } - else - { - $sql_in = array(); - foreach ($marked as $mark) - { - $sql_in[] = $mark; - } - - $where_sql = ' AND ' . $db->sql_in_set('log_id', $sql_in); - unset($sql_in); - } - } + $sql = 'DELETE FROM ' . LOG_TABLE . ' + WHERE log_type = ' . LOG_MOD . ' + AND ' . $db->sql_in_set('forum_id', $forum_list) . ' + AND ' . $db->sql_in_set('log_id', $marked); + $db->sql_query($sql); - if ($where_sql || $deleteall) + add_log('admin', 'LOG_CLEAR_MOD'); + } + else if ($deleteall) { $sql = 'DELETE FROM ' . LOG_TABLE . ' - WHERE log_type = ' . LOG_MOD . " - $where_sql"; + WHERE log_type = ' . LOG_MOD . ' + AND ' . $db->sql_in_set('forum_id', $forum_list); + + if ($mode == 'topic_logs') + { + $sql .= ' AND topic_id = ' . $topic_id; + } $db->sql_query($sql); add_log('admin', 'LOG_CLEAR_MOD'); @@ -121,7 +139,7 @@ class mcp_logs // Grab log data $log_data = array(); $log_count = 0; - view_log('mod', $log_data, $log_count, $config['topics_per_page'], $start, $forum_id, $topic_id, 0, $sql_where, $sql_sort); + view_log('mod', $log_data, $log_count, $config['topics_per_page'], $start, $forum_list, $topic_id, 0, $sql_where, $sql_sort); $template->assign_vars(array( 'PAGE_NUMBER' => on_page($log_count, $config['topics_per_page'], $start), |