diff options
| author | Chris Smith <toonarmy@phpbb.com> | 2009-12-11 22:27:00 +0000 |
|---|---|---|
| committer | Chris Smith <toonarmy@phpbb.com> | 2009-12-11 22:27:00 +0000 |
| commit | f150bb82819349d2bea5b8bd042e078acbe424d9 (patch) | |
| tree | bade0120e28f4c505e44b8d140baede9ea441418 /phpBB/includes | |
| parent | c9b343b2c842d3301ce82bf837f004b3afe7e089 (diff) | |
| download | forums-f150bb82819349d2bea5b8bd042e078acbe424d9.tar forums-f150bb82819349d2bea5b8bd042e078acbe424d9.tar.gz forums-f150bb82819349d2bea5b8bd042e078acbe424d9.tar.bz2 forums-f150bb82819349d2bea5b8bd042e078acbe424d9.tar.xz forums-f150bb82819349d2bea5b8bd042e078acbe424d9.zip | |
Do not permit unauthorised users to delete private messages from folder listing. #54355
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10322 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes')
| -rw-r--r-- | phpBB/includes/functions_privmsgs.php | 7 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_pm_viewfolder.php | 6 |
2 files changed, 13 insertions, 0 deletions
diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php index c93b6a6bba..4fc5034f7b 100644 --- a/phpBB/includes/functions_privmsgs.php +++ b/phpBB/includes/functions_privmsgs.php @@ -894,6 +894,13 @@ function handle_mark_actions($user_id, $mark_action) case 'delete_marked': + global $auth; + + if (!$auth->acl_get('u_pm_delete')) + { + trigger_error('NO_AUTH_DELETE_MESSAGE'); + } + if (confirm_box(true)) { delete_pm($user_id, $msg_ids, $cur_folder_id); diff --git a/phpBB/includes/ucp/ucp_pm_viewfolder.php b/phpBB/includes/ucp/ucp_pm_viewfolder.php index 33d2c9fb6f..06852db591 100644 --- a/phpBB/includes/ucp/ucp_pm_viewfolder.php +++ b/phpBB/includes/ucp/ucp_pm_viewfolder.php @@ -65,6 +65,12 @@ function view_folder($id, $mode, $folder_id, $folder) $mark_options = array('mark_important', 'delete_marked'); + // Minimise edits + if (!$auth->acl_get('u_pm_delete') && $key = array_search('delete_marked', $mark_options)) + { + unset($mark_options[$key]); + } + $s_mark_options = ''; foreach ($mark_options as $mark_option) { |