author | Meik Sievertsen <acydburn@phpbb.com> | 2008-03-13 14:47:57 +0000 |
---|---|---|
committer | Meik Sievertsen <acydburn@phpbb.com> | 2008-03-13 14:47:57 +0000 |
commit | 44708b7ebbef0c5a875954141ab751728ef15a87 (patch) | |
tree | f9ad144db55fead89943be11a8236039ff7e57a7 /phpBB | |
parent | 58173191edc5b75434dca66edfe4405296d22572 (diff) | |
#22805
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8429 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB')
-rw-r--r-- | phpBB/docs/CHANGELOG.html | 1 | ||||
-rw-r--r-- | phpBB/memberlist.php | 7 |
2 files changed, 8 insertions, 0 deletions
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index de627e6217..ba51befde5 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -134,6 +134,7 @@
 <li>[Fix] Custom profile fields with date type should be timezone independend (Bug #15003)</li>
 <li>[Fix] Fixing some XHTML errors/warnings within the ACP (Bug #22875)</li>
 <li>[Fix] Warnings if poll title/options exceed maximum characters per post (Bug #22865)</li>
+ <li>[Fix] Do not allow selecting non-authorized groups within memberlist by adjusting URL (Bug #22805 - patch provided by ToonArmy)</li>
 </ul>
diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php
index d021581cb2..7244a09591 100644
--- a/phpBB/memberlist.php
+++ b/phpBB/memberlist.php
@@ -1237,6 +1237,7 @@ switch ($mode)
 {
 $group_selected = request_var('search_group_id', 0);
 $s_group_select = '<option value="0"' . ((!$group_selected) ? ' selected="selected"' : '') . '> </option>';
+ $group_ids = array();
 if ($auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel'))
 {
@@ -1261,10 +1262,16 @@ switch ($mode)
 while ($row = $db->sql_fetchrow($result))
 {
+ $group_ids[] = $row['group_id'];
 $s_group_select .= '<option value="' . $row['group_id'] . '"' . (($group_selected == $row['group_id']) ? ' selected="selected"' : '') . '>' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>';
 }
 $db->sql_freeresult($result);
+ if ($group_selected !== 0 && !in_array($group_selected, $group_ids))
+ {
+ trigger_error('NO_GROUP');
+ }
+
 $template->assign_vars(array(
 'USERNAME' => $username,
 'EMAIL' => $email, |
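Review bot: The new `in_array($group_selected, $group_ids)` test in the last memberlist.php hunk relies on loose comparison: `$group_selected` is handled as an integer (it comes from `request_var('search_group_id', 0)` and is compared with `!== 0`), while `$group_ids` collects raw `$row['group_id']` values, which database drivers commonly return as strings. Collecting `$group_ids[] = (int) $row['group_id'];` and calling `in_array($group_selected, $group_ids, true)` would make the authorization check independent of driver typing. The check also sits in the code that builds the group `<select>`; whether the member query that filters on `search_group_id` has already run by then is not visible in the hunk, so it is worth confirming that the same allow-list is enforced before that query and on every path that reads the parameter. A comment above the `if`, such as `// Reject group ids the current user is not allowed to list (Bug #22805)`, would record why the error is raised. The enclosing `switch ($mode)` block starts and ends outside the hunk.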