[ticket/15593] Do not allow print view with direct URL

PHPBB3-15593
author: Jakub Senko <jakubsenko@gmail.com> 2018-09-28 12:55:45 +0200
committer: Jakub Senko <jakubsenko@gmail.com> 2018-09-28 12:55:45 +0200
commit: f657ee51f89fcc0561155069c00957c46f31d96c (patch)
tree: e6861b72852190cfc71b973c5fe0670459b56f17 /phpBB/viewtopic.php
parent: 001f32da95d4f8697ccc9a6107afc8dc68cbe48e (diff)
download: forums-f657ee51f89fcc0561155069c00957c46f31d96c.tar
forums-f657ee51f89fcc0561155069c00957c46f31d96c.tar.gz
forums-f657ee51f89fcc0561155069c00957c46f31d96c.tar.bz2
forums-f657ee51f89fcc0561155069c00957c46f31d96c.tar.xz
forums-f657ee51f89fcc0561155069c00957c46f31d96c.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php
index 79852330d9..ba30fa9c58 100644
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@@ -342,6 +342,12 @@ if (($topic_data['topic_type'] != POST_NORMAL) && $topic_data['topic_time_limit'
 // Setup look and feel
 $user->setup('viewtopic', $topic_data['forum_style']);
 
+if ($view == 'print' && !$auth->acl_get('f_print', $forum_id))
+{
+	send_status_line(403, 'Forbidden');
+	trigger_error('NO_AUTH_PRINT_TOPIC');
+}
+
 $overrides_f_read_check = false;
 $overrides_forum_password_check = false;
 $topic_tracking_info = isset($topic_tracking_info) ? $topic_tracking_info : null;
author	Jakub Senko <jakubsenko@gmail.com>	2018-09-28 12:55:45 +0200
committer	Jakub Senko <jakubsenko@gmail.com>	2018-09-28 12:55:45 +0200
commit	f657ee51f89fcc0561155069c00957c46f31d96c (patch)
tree	e6861b72852190cfc71b973c5fe0670459b56f17 /phpBB/viewtopic.php
parent	001f32da95d4f8697ccc9a6107afc8dc68cbe48e (diff)
download	forums-f657ee51f89fcc0561155069c00957c46f31d96c.tar forums-f657ee51f89fcc0561155069c00957c46f31d96c.tar.gz forums-f657ee51f89fcc0561155069c00957c46f31d96c.tar.bz2 forums-f657ee51f89fcc0561155069c00957c46f31d96c.tar.xz forums-f657ee51f89fcc0561155069c00957c46f31d96c.zip