diff options
author | Henry Sudhof <kellanved@phpbb.com> | 2007-06-21 15:23:47 +0000 |
---|---|---|
committer | Henry Sudhof <kellanved@phpbb.com> | 2007-06-21 15:23:47 +0000 |
commit | 409749f85770cfd4ce47962ec71681e44f03b614 (patch) | |
tree | 41dab42ee453b925c3ae3b8d10133af37aba5b6c /phpBB | |
parent | 59ee46e2a963492f53cc78189b5020536338986d (diff) | |
download | forums-409749f85770cfd4ce47962ec71681e44f03b614.tar forums-409749f85770cfd4ce47962ec71681e44f03b614.tar.gz forums-409749f85770cfd4ce47962ec71681e44f03b614.tar.bz2 forums-409749f85770cfd4ce47962ec71681e44f03b614.tar.xz forums-409749f85770cfd4ce47962ec71681e44f03b614.zip |
#12595
git-svn-id: file:///svn/phpbb/trunk@7786 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB')
-rw-r--r-- | phpBB/docs/CHANGELOG.html | 1 | ||||
-rw-r--r-- | phpBB/includes/ucp/ucp_main.php | 46 |
2 files changed, 37 insertions, 10 deletions
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html index eec7dabf40..1bf08bdb07 100644 --- a/phpBB/docs/CHANGELOG.html +++ b/phpBB/docs/CHANGELOG.html @@ -292,6 +292,7 @@ p a { <li>[Fix] Writing directories/files with correct permissions using FTP for transfers on PHP4</li> <li>[Fix] Oracle sequences during conversions are now corrected (Bug #12555)</li> <li>[Fix] Allow users to continue after selecting "No" in the merge quickmod confirmation (Bug #12577)</li> + <li>[Fix] Correctly check permissions on the UCP subscription/bookmark pages (Bug #12595)</li> </ul> diff --git a/phpBB/includes/ucp/ucp_main.php b/phpBB/includes/ucp/ucp_main.php index f827187956..f542bddec9 100644 --- a/phpBB/includes/ucp/ucp_main.php +++ b/phpBB/includes/ucp/ucp_main.php @@ -231,8 +231,13 @@ class ucp_main } } + $forbidden_forums = array(); + if ($config['allow_forum_notify']) { + $forbidden_forums = $forbidden_forums = $auth->acl_getf('!f_read', true); + $forbidden_forums = array_unique(array_keys($forbidden_forums)); + $sql_array = array( 'SELECT' => 'f.*', @@ -242,7 +247,8 @@ class ucp_main ), 'WHERE' => 'fw.user_id = ' . $user->data['user_id'] . ' - AND f.forum_id = fw.forum_id', + AND f.forum_id = fw.forum_id + AND ' . $db->sql_in_set('f.forum_id', $forbidden_forums, true, true), 'ORDER_BY' => 'left_id' ); @@ -330,7 +336,12 @@ class ucp_main // Subscribed Topics if ($config['allow_topic_notify']) { - $this->assign_topiclist('subscribed'); + if (empty($forbidden_forums)) + { + $forbidden_forums = $auth->acl_getf('!f_read', true); + $forbidden_forums = array_unique(array_keys($forbidden_forums)); + } + $this->assign_topiclist('subscribed', $forbidden_forums); } $template->assign_vars(array( @@ -386,8 +397,10 @@ class ucp_main confirm_box(false, 'REMOVE_SELECTED_BOOKMARKS', build_hidden_fields($s_hidden_fields)); } } - - $this->assign_topiclist('bookmarks'); + $forbidden_forums = $auth->acl_getf('!f_read', true); + $forbidden_forums = array_unique(array_keys($forbidden_forums)); + + $this->assign_topiclist('bookmarks', $forbidden_forums); break; @@ -584,16 +597,26 @@ class ucp_main /** * Build and assign topiclist for bookmarks/subscribed topics */ - function assign_topiclist($mode = 'subscribed') + function assign_topiclist($mode = 'subscribed', $forbidden_forum_ary = array()) { global $user, $db, $template, $config, $auth, $phpbb_root_path, $phpEx; $table = ($mode == 'subscribed') ? TOPICS_WATCH_TABLE : BOOKMARKS_TABLE; $start = request_var('start', 0); - $sql = 'SELECT COUNT(topic_id) as topics_count - FROM ' . $table . ' - WHERE user_id = ' . $user->data['user_id']; + $sql_array = array( + 'SELECT' => 'COUNT(t.topic_id) as topics_count', + + 'FROM' => array( + $table => 'i', + TOPICS_TABLE => 't' + ), + + 'WHERE' => 'i.topic_id = t.topic_id + AND i.user_id = ' . $user->data['user_id'] . ' + AND ' . $db->sql_in_set('t.forum_id', $forbidden_forum_ary, true, true), + ); + $sql = $db->sql_build_query('SELECT', $sql_array); $result = $db->sql_query($sql); $topics_count = (int) $db->sql_fetchfield('topics_count'); $db->sql_freeresult($result); @@ -618,7 +641,9 @@ class ucp_main ), 'WHERE' => 'tw.user_id = ' . $user->data['user_id'] . ' - AND t.topic_id = tw.topic_id', + AND t.topic_id = tw.topic_id + AND ' . $db->sql_in_set('t.forum_id', $forbidden_forum_ary, true, true), + 'ORDER_BY' => 't.topic_last_post_time DESC' ); @@ -634,7 +659,8 @@ class ucp_main BOOKMARKS_TABLE => 'b', ), - 'WHERE' => 'b.user_id = ' . $user->data['user_id'], + 'WHERE' => 'b.user_id = ' . $user->data['user_id'] . ' + AND ' . $db->sql_in_set('f.forum_id', $forbidden_forum_ary, true, true), 'ORDER_BY' => 't.topic_last_post_time DESC' ); |