diff options
| author | Jakub Senko <jakubsenko@gmail.com> | 2016-05-29 12:42:57 +0200 |
|---|---|---|
| committer | Jakub Senko <jakubsenko@gmail.com> | 2016-09-01 08:48:37 +0200 |
| commit | 4b6c2c8cde0b87d32f8df8af87239580ddc340c4 (patch) | |
| tree | 22b13f4776b5111624efedcc73d1b3dc0877117a /phpBB/phpbb | |
| parent | dff950162cd4d79d5e199e833e46a98d381397dc (diff) | |
| download | forums-4b6c2c8cde0b87d32f8df8af87239580ddc340c4.tar forums-4b6c2c8cde0b87d32f8df8af87239580ddc340c4.tar.gz forums-4b6c2c8cde0b87d32f8df8af87239580ddc340c4.tar.bz2 forums-4b6c2c8cde0b87d32f8df8af87239580ddc340c4.tar.xz forums-4b6c2c8cde0b87d32f8df8af87239580ddc340c4.zip | |
[ticket/10961] Send HTTP 403 when applicable
PHPBB3-10961
Diffstat (limited to 'phpBB/phpbb')
| -rw-r--r-- | phpBB/phpbb/feed/forum.php | 16 | ||||
| -rw-r--r-- | phpBB/phpbb/feed/topic.php | 24 | ||||
| -rw-r--r-- | phpBB/phpbb/message/topic_form.php | 8 |
3 files changed, 48 insertions, 0 deletions
diff --git a/phpBB/phpbb/feed/forum.php b/phpBB/phpbb/feed/forum.php index 6701c4d9e7..f522e91169 100644 --- a/phpBB/phpbb/feed/forum.php +++ b/phpBB/phpbb/feed/forum.php @@ -74,6 +74,14 @@ class forum extends post_base // Make sure we can read this forum if (!$this->auth->acl_get('f_read', $this->forum_id)) { + if ($this->user->data['user_id'] != ANONYMOUS) + { + send_status_line(403, 'Forbidden'); + } + else + { + send_status_line(401, 'Unauthorized'); + } throw new unauthorized_forum_exception($this->forum_id); } @@ -84,6 +92,14 @@ class forum extends post_base if (isset($forum_ids_passworded[$this->forum_id])) { + if ($this->user->data['user_id'] != ANONYMOUS) + { + send_status_line(403, 'Forbidden'); + } + else + { + send_status_line(401, 'Unauthorized'); + } throw new unauthorized_forum_exception($this->forum_id); } diff --git a/phpBB/phpbb/feed/topic.php b/phpBB/phpbb/feed/topic.php index f029c2b00e..e5f2c41468 100644 --- a/phpBB/phpbb/feed/topic.php +++ b/phpBB/phpbb/feed/topic.php @@ -66,6 +66,14 @@ class topic extends post_base // Make sure topic is either approved or user authed if ($this->topic_data['topic_visibility'] != ITEM_APPROVED && !$this->auth->acl_get('m_approve', $this->forum_id)) { + if ($this->user->data['user_id'] != ANONYMOUS) + { + send_status_line(403, 'Forbidden'); + } + else + { + send_status_line(401, 'Unauthorized'); + } throw new unauthorized_topic_exception($this->topic_id); } @@ -78,6 +86,14 @@ class topic extends post_base // Make sure we can read this forum if (!$this->auth->acl_get('f_read', $this->forum_id)) { + if ($this->user->data['user_id'] != ANONYMOUS) + { + send_status_line(403, 'Forbidden'); + } + else + { + send_status_line(401, 'Unauthorized'); + } throw new unauthorized_forum_exception($this->forum_id); } @@ -88,6 +104,14 @@ class topic extends post_base if (isset($forum_ids_passworded[$this->forum_id])) { + if ($this->user->data['user_id'] != ANONYMOUS) + { + send_status_line(403, 'Forbidden'); + } + else + { + send_status_line(401, 'Unauthorized'); + } throw new unauthorized_forum_exception($this->forum_id); } diff --git a/phpBB/phpbb/message/topic_form.php b/phpBB/phpbb/message/topic_form.php index 174643bb81..dbb883c142 100644 --- a/phpBB/phpbb/message/topic_form.php +++ b/phpBB/phpbb/message/topic_form.php @@ -71,6 +71,14 @@ class topic_form extends form if (!$this->auth->acl_get('f_read', $this->topic_row['forum_id'])) { + if ($this->user->data['user_id'] != ANONYMOUS) + { + send_status_line(403, 'Forbidden'); + } + else + { + send_status_line(401, 'Unauthorized'); + } return 'SORRY_AUTH_READ'; } |