| author | Chris Smith <toonarmy@phpbb.com> | 2009-12-11 22:27:00 +0000 |
|---|---|---|
| committer | Chris Smith <toonarmy@phpbb.com> | 2009-12-11 22:27:00 +0000 |
| commit | f150bb82819349d2bea5b8bd042e078acbe424d9 (patch) | |
| tree | bade0120e28f4c505e44b8d140baede9ea441418 /phpBB | |
| parent | c9b343b2c842d3301ce82bf837f004b3afe7e089 (diff) | |
Do not permit unauthorised users to delete private messages from folder listing. #54355
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10322 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/docs/CHANGELOG.html | 1 | ||||
| -rw-r--r-- | phpBB/includes/functions_privmsgs.php | 7 | ||||
| -rw-r--r-- | phpBB/includes/ucp/ucp_pm_viewfolder.php | 6 |
3 files changed, 14 insertions, 0 deletions
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index daffd86b23..00f239f6b4 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -112,6 +112,7 @@
 <li>[Fix] Do not deliver topics from unreadable or passworded forums in the news feed. (Bug #54345)</li>
 <li>[Fix] Restore user language choice to compiled stylesheets. (Bug #54035)</li>
 <li>[Fix] Add missing language entries. (Bug #55095)</li>
+ <li>[Fix] Do not permit unauthorised users to delete private messages from folder listing. (Bug #54355)</li>
 <li>[Change] Log activation through inactive users ACP. (Bug #30145)</li>
 <li>[Change] Send time of last item instead of current time in ATOM Feeds. (Bug #53305)</li>
 <li>[Change] Use em dash instead of hyphen/minus as separator in ATOM Feeds item statistics. (Bug #53565)</li>
diff --git a/phpBB/includes/functions_privmsgs.php b/phpBB/includes/functions_privmsgs.php
index c93b6a6bba..4fc5034f7b 100644
--- a/phpBB/includes/functions_privmsgs.php
+++ b/phpBB/includes/functions_privmsgs.php
@@ -894,6 +894,13 @@ function handle_mark_actions($user_id, $mark_action)
 case 'delete_marked':
+ global $auth;
+
+ if (!$auth->acl_get('u_pm_delete'))
+ {
+ trigger_error('NO_AUTH_DELETE_MESSAGE');
+ }
+
 if (confirm_box(true))
 {
 delete_pm($user_id, $msg_ids, $cur_folder_id);
diff --git a/phpBB/includes/ucp/ucp_pm_viewfolder.php b/phpBB/includes/ucp/ucp_pm_viewfolder.php
index 33d2c9fb6f..06852db591 100644
--- a/phpBB/includes/ucp/ucp_pm_viewfolder.php
+++ b/phpBB/includes/ucp/ucp_pm_viewfolder.php
@@ -65,6 +65,12 @@ function view_folder($id, $mode, $folder_id, $folder)
 $mark_options = array('mark_important', 'delete_marked');
+ // Minimise edits
+ if (!$auth->acl_get('u_pm_delete') && $key = array_search('delete_marked', $mark_options))
+ {
+ unset($mark_options[$key]);
+ }
+
 $s_mark_options = '';
 foreach ($mark_options as $mark_option)
 { |
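Review bot: The `u_pm_delete` check added to the `delete_marked` case in handle_mark_actions() is the real enforcement point, but it carries no comment saying so, and `global $auth;` is declared inside the switch case rather than with the function's other globals. I would add a comment above the check such as `// Enforce u_pm_delete here; hiding the option in view_folder() is cosmetic and does not stop a direct request`, and move `$auth` into the `global` statement at the top of the function if one exists (the function's start is outside this hunk). The check also relies on `trigger_error()` halting the request through the project's error handler, which is not visible here; if that handler can return, execution falls through to `confirm_box()` and `delete_pm()`, so a short note stating that assumption would help the next reader.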
