Merge remote-tracking branch 'upstream/prep-release-3.2.9'

author: Maat <maat-pub@mageia.biz> 2020-05-08 21:52:11 +0200
committer: Maat <maat-pub@mageia.biz> 2020-05-08 21:52:11 +0200
commit: 8ea437e30605e0f66b5220bf904a61d7c1d11ddd (patch)
tree: e0db2bb4a012d5b06a633160b19f62f4868ecd28 /phpBB/includes/ucp/ucp_pm.php
parent: 36bc1870f21fac04736a1049c1d5b8e127d729f4 (diff)
parent: 2fdd46b36431ae0f58bb2e78e42553168db9a0ff (diff)
download: forums-8ea437e30605e0f66b5220bf904a61d7c1d11ddd.tar
forums-8ea437e30605e0f66b5220bf904a61d7c1d11ddd.tar.gz
forums-8ea437e30605e0f66b5220bf904a61d7c1d11ddd.tar.bz2
forums-8ea437e30605e0f66b5220bf904a61d7c1d11ddd.tar.xz
forums-8ea437e30605e0f66b5220bf904a61d7c1d11ddd.zip
1 files changed, 51 insertions, 20 deletions
diff --git a/phpBB/includes/ucp/ucp_pm.php b/phpBB/includes/ucp/ucp_pm.php
index f026cd3eb3..00d1ce7149 100644
--- a/phpBB/includes/ucp/ucp_pm.php
+++ b/phpBB/includes/ucp/ucp_pm.php
@@ -62,7 +62,7 @@ class ucp_pm
 		$template->assign_var('S_PRIVMSGS', true);
 
 		// Folder directly specified?
-		$folder_specified = request_var('folder', '');
+		$folder_specified = $request->variable('folder', '');
 
 		if (!in_array($folder_specified, array('inbox', 'outbox', 'sentbox')))
 		{
@@ -75,20 +75,23 @@ class ucp_pm
 
 		if (!$folder_specified)
 		{
-			$mode = (!$mode) ? request_var('mode', 'view') : $mode;
+			$mode = (!$mode) ? $request->variable('mode', 'view') : $mode;
 		}
 		else
 		{
 			$mode = 'view';
 		}
 
-		include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
+		if (!function_exists('get_folder'))
+		{
+			include($phpbb_root_path . 'includes/functions_privmsgs.' . $phpEx);
+		}
 
 		switch ($mode)
 		{
 			// Compose message
 			case 'compose':
-				$action = request_var('action', 'post');
+				$action = $request->variable('action', 'post');
 
 				$user_folders = get_folder($user->data['user_id']);
 
@@ -104,7 +107,10 @@ class ucp_pm
 					break;
 				}
 
-				include($phpbb_root_path . 'includes/ucp/ucp_pm_compose.' . $phpEx);
+				if (!function_exists('compose_pm'))
+				{
+					include($phpbb_root_path . 'includes/ucp/ucp_pm_compose.' . $phpEx);
+				}
 				compose_pm($id, $mode, $action, $user_folders);
 
 				$tpl_file = 'posting_body';
@@ -114,7 +120,10 @@ class ucp_pm
 				set_user_message_limit();
 				get_folder($user->data['user_id']);
 
-				include($phpbb_root_path . 'includes/ucp/ucp_pm_options.' . $phpEx);
+				if (!function_exists('message_options'))
+				{
+					include($phpbb_root_path . 'includes/ucp/ucp_pm_options.' . $phpEx);
+				}
 				message_options($id, $mode, $global_privmsgs_rules, $global_rule_conditions);
 
 				$tpl_file = 'ucp_pm_options';
@@ -125,8 +134,10 @@ class ucp_pm
 				get_folder($user->data['user_id']);
 				$this->p_name = 'pm';
 
-				// Call another module... please do not try this at home... Hoochie Coochie Man
-				include($phpbb_root_path . 'includes/ucp/ucp_main.' . $phpEx);
+				if (!class_exists('ucp_main'))
+				{
+					include($phpbb_root_path . 'includes/ucp/ucp_main.' . $phpEx);
+				}
 
 				$module = new ucp_main($this);
 				$module->u_action = $this->u_action;
@@ -151,12 +162,12 @@ class ucp_pm
 				}
 				else
 				{
-					$folder_id = request_var('f', PRIVMSGS_NO_BOX);
-					$action = request_var('action', 'view_folder');
+					$folder_id = $request->variable('f', PRIVMSGS_NO_BOX);
+					$action = $request->variable('action', 'view_folder');
 				}
 
-				$msg_id = request_var('p', 0);
-				$view	= request_var('view', '');
+				$msg_id = $request->variable('p', 0);
+				$view	= $request->variable('view', '');
 
 				// View message if specified
 				if ($msg_id)
@@ -166,20 +177,29 @@ class ucp_pm
 
 				if (!$auth->acl_get('u_readpm'))
 				{
+					send_status_line(403, 'Forbidden');
 					trigger_error('NO_AUTH_READ_MESSAGE');
 				}
 
+				if ($view == 'print' && (!$config['print_pm'] || !$auth->acl_get('u_pm_printpm')))
+				{
+					send_status_line(403, 'Forbidden');
+					trigger_error('NO_AUTH_PRINT_MESSAGE');
+				}
+
 				// Do not allow hold messages to be seen
 				if ($folder_id == PRIVMSGS_HOLD_BOX)
 				{
 					trigger_error('NO_AUTH_READ_HOLD_MESSAGE');
 				}
 
+				add_form_key('ucp_pm_view');
+
 				// First Handle Mark actions and moving messages
 				$submit_mark	= (isset($_POST['submit_mark'])) ? true : false;
 				$move_pm		= (isset($_POST['move_pm'])) ? true : false;
-				$mark_option	= request_var('mark_option', '');
-				$dest_folder	= request_var('dest_folder', PRIVMSGS_NO_BOX);
+				$mark_option	= $request->variable('mark_option', '');
+				$dest_folder	= $request->variable('dest_folder', PRIVMSGS_NO_BOX);
 
 				// Is moving PM triggered through mark options?
 				if (!in_array($mark_option, array('mark_important', 'delete_marked')) && $submit_mark)
@@ -189,11 +209,16 @@ class ucp_pm
 					$submit_mark = false;
 				}
 
+				if (($move_pm || $submit_mark) && !check_form_key('ucp_pm_view'))
+				{
+					trigger_error('FORM_INVALID');
+				}
+
 				// Move PM
 				if ($move_pm)
 				{
-					$move_msg_ids	= (isset($_POST['marked_msg_id'])) ? request_var('marked_msg_id', array(0)) : array();
-					$cur_folder_id	= request_var('cur_folder_id', PRIVMSGS_NO_BOX);
+					$move_msg_ids	= (isset($_POST['marked_msg_id'])) ? $request->variable('marked_msg_id', array(0)) : array();
+					$cur_folder_id	= $request->variable('cur_folder_id', PRIVMSGS_NO_BOX);
 
 					if (move_pm($user->data['user_id'], $user->data['message_limit'], $move_msg_ids, $dest_folder, $cur_folder_id))
 					{
@@ -201,7 +226,7 @@ class ucp_pm
 						if ($action == 'view_message')
 						{
 							$msg_id		= 0;
-							$folder_id	= request_var('cur_folder_id', PRIVMSGS_NO_BOX);
+							$folder_id	= $request->variable('cur_folder_id', PRIVMSGS_NO_BOX);
 							$action		= 'view_folder';
 						}
 					}
@@ -215,7 +240,7 @@ class ucp_pm
 
 				// If new messages arrived, place them into the appropriate folder
 				$num_not_moved = $num_removed = 0;
-				$release = request_var('release', 0);
+				$release = $request->variable('release', 0);
 
 				if ($user->data['user_new_privmsg'] && ($action == 'view_folder' || $action == 'view_message'))
 				{
@@ -368,7 +393,10 @@ class ucp_pm
 
 				if ($action == 'view_folder')
 				{
-					include($phpbb_root_path . 'includes/ucp/ucp_pm_viewfolder.' . $phpEx);
+					if (!function_exists('view_folder'))
+					{
+						include($phpbb_root_path . 'includes/ucp/ucp_pm_viewfolder.' . $phpEx);
+					}
 					view_folder($id, $mode, $folder_id, $folder);
 
 					$tpl_file = 'ucp_pm_viewfolder';
@@ -386,7 +414,10 @@ class ucp_pm
 						trigger_error('NO_MESSAGE');
 					}
 
-					include($phpbb_root_path . 'includes/ucp/ucp_pm_viewmessage.' . $phpEx);
+					if (!function_exists('view_message'))
+					{
+						include($phpbb_root_path . 'includes/ucp/ucp_pm_viewmessage.' . $phpEx);
+					}
 					view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row);
 
 					$tpl_file = ($view == 'print') ? 'ucp_pm_viewmessage_print' : 'ucp_pm_viewmessage';
author	Maat <maat-pub@mageia.biz>	2020-05-08 21:52:11 +0200
committer	Maat <maat-pub@mageia.biz>	2020-05-08 21:52:11 +0200
commit	8ea437e30605e0f66b5220bf904a61d7c1d11ddd (patch)
tree	e0db2bb4a012d5b06a633160b19f62f4868ecd28 /phpBB/includes/ucp/ucp_pm.php
parent	36bc1870f21fac04736a1049c1d5b8e127d729f4 (diff)
parent	2fdd46b36431ae0f58bb2e78e42553168db9a0ff (diff)
download	forums-8ea437e30605e0f66b5220bf904a61d7c1d11ddd.tar forums-8ea437e30605e0f66b5220bf904a61d7c1d11ddd.tar.gz forums-8ea437e30605e0f66b5220bf904a61d7c1d11ddd.tar.bz2 forums-8ea437e30605e0f66b5220bf904a61d7c1d11ddd.tar.xz forums-8ea437e30605e0f66b5220bf904a61d7c1d11ddd.zip