Moderators can only see reports/queue/logs from forums they can actually read. #31085

git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9015 89ea8834-ac86-4346-8a33-228a782c2dd0
author: Chris Smith <toonarmy@phpbb.com> 2008-10-14 18:29:50 +0000
committer: Chris Smith <toonarmy@phpbb.com> 2008-10-14 18:29:50 +0000
commit: bc2f055ccd3be52337d64af34aa685b5859ac850 (patch)
tree: 3045fb3f4c589ca8fb7bb61e7e7f92e60be85bda /phpBB
parent: 02dd8c52c2150ebf2e1f85032bcdf2924d00557b (diff)
download: forums-bc2f055ccd3be52337d64af34aa685b5859ac850.tar
forums-bc2f055ccd3be52337d64af34aa685b5859ac850.tar.gz
forums-bc2f055ccd3be52337d64af34aa685b5859ac850.tar.bz2
forums-bc2f055ccd3be52337d64af34aa685b5859ac850.tar.xz
forums-bc2f055ccd3be52337d64af34aa685b5859ac850.zip
6 files changed, 31 insertions, 8 deletions
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 5257039535..7412e4f7bd 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -146,6 +146,7 @@
 		<li>[Fix] Disable mass e-mail when e-mail is disabled. (Bug #27385)</li>
 		<li>[Fix] Display coloured poster username of queued posts displayed on the front of the MCP.</li>
 		<li>[Fix] Forum last post information is now correctly updated when a topic/post is disapproved due to editing. (Bug #24475)</li>
+		<li>[Fix] Moderators can only see reports/queue/logs from forums they can actually read. (Bug #31085)</li>
 
 		<li>[Change] No longer allow the direct use of MULTI_INSERT in sql_build_array. sql_multi_insert() must be used.</li>
 		<li>[Change] Display warning in ACP if config.php file is left writable.</li>
diff --git a/phpBB/includes/mcp/mcp_front.php b/phpBB/includes/mcp/mcp_front.php
index d0278cc44c..c63f18d562 100644
--- a/phpBB/includes/mcp/mcp_front.php
+++ b/phpBB/includes/mcp/mcp_front.php
@@ -27,7 +27,7 @@ function mcp_front_view($id, $mode, $action)
 	// Latest 5 unapproved
 	if ($module->loaded('queue'))
 	{
-		$forum_list = get_forum_list('m_approve');
+		$forum_list = array_intersect(get_forum_list('f_read'), get_forum_list('m_approve'));
 		$post_list = array();
 		$forum_names = array();
 
@@ -143,7 +143,7 @@ function mcp_front_view($id, $mode, $action)
 	// Latest 5 reported
 	if ($module->loaded('reports'))
 	{
-		$forum_list = get_forum_list('m_report');
+		$forum_list = array_intersect(get_forum_list('f_read'), get_forum_list('m_report'));
 
 		$template->assign_var('S_SHOW_REPORTS', (!empty($forum_list)) ? true : false);
 
@@ -246,7 +246,7 @@ function mcp_front_view($id, $mode, $action)
 	// Latest 5 logs
 	if ($module->loaded('logs'))
 	{
-		$forum_list = get_forum_list('m_');
+		$forum_list = array_intersect(get_forum_list('f_read'), get_forum_list('m_'));
 
 		if (!empty($forum_list))
 		{
diff --git a/phpBB/includes/mcp/mcp_logs.php b/phpBB/includes/mcp/mcp_logs.php
index 6c20cf85b4..c1438d4a2d 100644
--- a/phpBB/includes/mcp/mcp_logs.php
+++ b/phpBB/includes/mcp/mcp_logs.php
@@ -63,7 +63,7 @@ class mcp_logs
 		$this->tpl_name = 'mcp_logs';
 		$this->page_title = 'MCP_LOGS';
 
-		$forum_list = get_forum_list('m_');
+		$forum_list = array_intersect(get_forum_list('f_read'), get_forum_list('m_'));
 		$forum_list[] = 0;
 
 		$forum_id = $topic_id = 0;
diff --git a/phpBB/includes/mcp/mcp_queue.php b/phpBB/includes/mcp/mcp_queue.php
index 665d7da20b..1e368c4fc6 100644
--- a/phpBB/includes/mcp/mcp_queue.php
+++ b/phpBB/includes/mcp/mcp_queue.php
@@ -242,6 +242,17 @@ class mcp_queue
 				}
 
 				$forum_list_approve = get_forum_list('m_approve', false, true);
+				$forum_list_read = array_flip(get_forum_list('f_read', true, true)); // Flipped so we can isset() the forum IDs
+
+				// Remove forums we cannot read
+				foreach ($forum_list_approve as $k => $forum_data)
+				{
+					if (!isset($forum_list_read[$forum_data['forum_id']]))
+					{
+						unset($forum_list_approve[$k]);
+					}
+				}
+				unset($forum_list_read);
 
 				if (!$forum_id)
 				{
diff --git a/phpBB/includes/mcp/mcp_reports.php b/phpBB/includes/mcp/mcp_reports.php
index 1f1eb37b46..27d841c81b 100644
--- a/phpBB/includes/mcp/mcp_reports.php
+++ b/phpBB/includes/mcp/mcp_reports.php
@@ -246,6 +246,17 @@ class mcp_reports
 
 				$forum_info = array();
 				$forum_list_reports = get_forum_list('m_report', false, true);
+				$forum_list_read = array_flip(get_forum_list('f_read', true, true)); // Flipped so we can isset() the forum IDs
+
+				// Remove forums we cannot read
+				foreach ($forum_list_reports as $k => $forum_data)
+				{
+					if (!isset($forum_list_read[$forum_data['forum_id']]))
+					{
+						unset($forum_list_reports[$k]);
+					}
+				}
+				unset($forum_list_read);
 
 				if ($topic_id && $forum_id)
 				{
diff --git a/phpBB/mcp.php b/phpBB/mcp.php
index 5e8102d774..47578c3532 100644
--- a/phpBB/mcp.php
+++ b/phpBB/mcp.php
@@ -612,7 +612,7 @@ function mcp_sorting($mode, &$sort_days, &$sort_key, &$sort_dir, &$sort_by_sql,
 
 			$sql = 'SELECT COUNT(post_id) AS total
 				FROM ' . POSTS_TABLE . "
-				$where_sql " . $db->sql_in_set('forum_id', ($forum_id) ? array($forum_id) : get_forum_list('m_approve')) . '
+				$where_sql " . $db->sql_in_set('forum_id', ($forum_id) ? array($forum_id) : array_intersect(get_forum_list('f_read'), get_forum_list('m_approve'))) . '
 					AND post_approved = 0';
 
 			if ($min_time)
@@ -628,7 +628,7 @@ function mcp_sorting($mode, &$sort_days, &$sort_key, &$sort_dir, &$sort_by_sql,
 
 			$sql = 'SELECT COUNT(topic_id) AS total
 				FROM ' . TOPICS_TABLE . "
-				$where_sql " . $db->sql_in_set('forum_id', ($forum_id) ? array($forum_id) : get_forum_list('m_approve')) . '
+				$where_sql " . $db->sql_in_set('forum_id', ($forum_id) ? array($forum_id) : array_intersect(get_forum_list('f_read'), get_forum_list('m_approve'))) . '
 					AND topic_approved = 0';
 
 			if ($min_time)
@@ -654,7 +654,7 @@ function mcp_sorting($mode, &$sort_days, &$sort_key, &$sort_dir, &$sort_by_sql,
 			}
 			else
 			{
-				$where_sql .= ' ' . $db->sql_in_set('p.forum_id', get_forum_list('!m_report'), true, true);
+				$where_sql .= ' ' . $db->sql_in_set('p.forum_id', get_forum_list(array('!f_read', '!m_report')), true, true);
 			}
 
 			if ($mode == 'reports')
@@ -680,7 +680,7 @@ function mcp_sorting($mode, &$sort_days, &$sort_key, &$sort_dir, &$sort_by_sql,
 
 			$sql = 'SELECT COUNT(log_id) AS total
 				FROM ' . LOG_TABLE . "
-				$where_sql " . $db->sql_in_set('forum_id', ($forum_id) ? array($forum_id) : get_forum_list('m_')) . '
+				$where_sql " . $db->sql_in_set('forum_id', ($forum_id) ? array($forum_id) : array_intersect(get_forum_list('f_read'), get_forum_list('m_'))) . '
 					AND log_time >= ' . $min_time . '
 					AND log_type = ' . LOG_MOD;
 		break;
author	Chris Smith <toonarmy@phpbb.com>	2008-10-14 18:29:50 +0000
committer	Chris Smith <toonarmy@phpbb.com>	2008-10-14 18:29:50 +0000
commit	bc2f055ccd3be52337d64af34aa685b5859ac850 (patch)
tree	3045fb3f4c589ca8fb7bb61e7e7f92e60be85bda /phpBB
parent	02dd8c52c2150ebf2e1f85032bcdf2924d00557b (diff)
download	forums-bc2f055ccd3be52337d64af34aa685b5859ac850.tar forums-bc2f055ccd3be52337d64af34aa685b5859ac850.tar.gz forums-bc2f055ccd3be52337d64af34aa685b5859ac850.tar.bz2 forums-bc2f055ccd3be52337d64af34aa685b5859ac850.tar.xz forums-bc2f055ccd3be52337d64af34aa685b5859ac850.zip