Merge pull request #5387 from senky/ticket/15593

[ticket/15593] Do not allow print view with direct URL
author: Marc Alexander <admin@m-a-styles.de> 2018-10-27 23:48:53 +0200
committer: Marc Alexander <admin@m-a-styles.de> 2018-10-27 23:48:53 +0200
commit: 20393592d7c58a548853015cfbf489ea964f3c0f (patch)
tree: 4541703c5714f3843b83f4a84f1836b49c0c6ded /phpBB/includes/ucp
parent: 0cded66ff2833da9afaf06b1418d9b9322a890fa (diff)
parent: f657ee51f89fcc0561155069c00957c46f31d96c (diff)
download: forums-20393592d7c58a548853015cfbf489ea964f3c0f.tar
forums-20393592d7c58a548853015cfbf489ea964f3c0f.tar.gz
forums-20393592d7c58a548853015cfbf489ea964f3c0f.tar.bz2
forums-20393592d7c58a548853015cfbf489ea964f3c0f.tar.xz
forums-20393592d7c58a548853015cfbf489ea964f3c0f.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/phpBB/includes/ucp/ucp_pm.php b/phpBB/includes/ucp/ucp_pm.php
index d145d66f59..fa374c15c8 100644
--- a/phpBB/includes/ucp/ucp_pm.php
+++ b/phpBB/includes/ucp/ucp_pm.php
@@ -170,6 +170,12 @@ class ucp_pm
 					trigger_error('NO_AUTH_READ_MESSAGE');
 				}
 
+				if ($view == 'print' && (!$config['print_pm'] || !$auth->acl_get('u_pm_printpm')))
+				{
+					send_status_line(403, 'Forbidden');
+					trigger_error('NO_AUTH_PRINT_MESSAGE');
+				}
+
 				// Do not allow hold messages to be seen
 				if ($folder_id == PRIVMSGS_HOLD_BOX)
 				{
author	Marc Alexander <admin@m-a-styles.de>	2018-10-27 23:48:53 +0200
committer	Marc Alexander <admin@m-a-styles.de>	2018-10-27 23:48:53 +0200
commit	20393592d7c58a548853015cfbf489ea964f3c0f (patch)
tree	4541703c5714f3843b83f4a84f1836b49c0c6ded /phpBB/includes/ucp
parent	0cded66ff2833da9afaf06b1418d9b9322a890fa (diff)
parent	f657ee51f89fcc0561155069c00957c46f31d96c (diff)
download	forums-20393592d7c58a548853015cfbf489ea964f3c0f.tar forums-20393592d7c58a548853015cfbf489ea964f3c0f.tar.gz forums-20393592d7c58a548853015cfbf489ea964f3c0f.tar.bz2 forums-20393592d7c58a548853015cfbf489ea964f3c0f.tar.xz forums-20393592d7c58a548853015cfbf489ea964f3c0f.zip