diff options
author | Chris Smith <toonarmy@phpbb.com> | 2009-04-29 18:30:26 +0000 |
---|---|---|
committer | Chris Smith <toonarmy@phpbb.com> | 2009-04-29 18:30:26 +0000 |
commit | de617ed0df64cbdfa238f788eef163c09222f1d0 (patch) | |
tree | 964011e19bd2e44909a3cf654de79a115ad7e778 /phpBB/includes/ucp/ucp_activate.php | |
parent | 0902ba6d2115cb68532931e10aab64c1035810be (diff) | |
download | forums-de617ed0df64cbdfa238f788eef163c09222f1d0.tar forums-de617ed0df64cbdfa238f788eef163c09222f1d0.tar.gz forums-de617ed0df64cbdfa238f788eef163c09222f1d0.tar.bz2 forums-de617ed0df64cbdfa238f788eef163c09222f1d0.tar.xz forums-de617ed0df64cbdfa238f788eef163c09222f1d0.zip |
Minor security problem, discovered internally. Requires the user to know the activation key which is not normally possible when admin activation is turned on. #41625
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9498 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/ucp/ucp_activate.php')
-rw-r--r-- | phpBB/includes/ucp/ucp_activate.php | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/phpBB/includes/ucp/ucp_activate.php b/phpBB/includes/ucp/ucp_activate.php index f8aeb2297a..36ab8a0e9b 100644 --- a/phpBB/includes/ucp/ucp_activate.php +++ b/phpBB/includes/ucp/ucp_activate.php @@ -56,6 +56,17 @@ class ucp_activate trigger_error('WRONG_ACTIVATION'); } + // Do not allow activating by non administrators when admin activation is on + // Only activation type the user should be able to do is INACTIVE_REMIND + if ($user_row['user_inactive_reason'] != INACTIVE_REMIND && $config['require_activation'] == USER_ACTIVATION_ADMIN && !$auth->acl_get('a_user')) + { + if (!$user->data['is_registered']) + { + login_box('', $user->lang['NO_AUTH_OPERATION']); + } + trigger_error('NO_AUTH_OPERATION'); + } + $update_password = ($user_row['user_newpasswd']) ? true : false; if ($update_password) |