-rw-r--r-- | phpBB/docs/CHANGELOG.html | 1 | ||||
-rw-r--r-- | phpBB/memberlist.php | 21 | ||||
-rw-r--r-- | phpBB/styles/prosilver/template/memberlist_search.html | 2 | ||||
-rw-r--r-- | phpBB/styles/subsilver2/template/memberlist_search.html | 4 |
4 files changed, 19 insertions, 9 deletions
diff --git a/phpBB/docs/CHANGELOG.html b/phpBB/docs/CHANGELOG.html
index 6d1f0759cc..b7490eabb1 100644
--- a/phpBB/docs/CHANGELOG.html
+++ b/phpBB/docs/CHANGELOG.html
@@ -143,6 +143,7 @@
 <li>[Fix] Do not error out if php_uname function disabled / Authenticating on SMTP Server (Bug #22235 - patch by HoL)</li>
 <li>[Fix] Correctly obtain to be ignored users within topic/forum notification (Bug #21795 - patch provided by dr.death)</li>
 <li>[Fix] Correctly update board statistics for attaching orphaned files to existing posts (Bug #20185)</li>
+ <li>[Sec] Only allow searching by email address in memberlist for users having the a_user permission (reported by evil<3)</li>
 </ul>
diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php
index 18a8c9b77c..a4c6b18f8f 100644
--- a/phpBB/memberlist.php
+++ b/phpBB/memberlist.php
@@ -880,20 +880,22 @@ switch ($mode)
 $template_html = 'memberlist_body.html';
 // Sorting
- $sort_key_text = array('a' => $user->lang['SORT_USERNAME'], 'b' => $user->lang['SORT_LOCATION'], 'c' => $user->lang['SORT_JOINED'], 'd' => $user->lang['SORT_POST_COUNT'], 'e' => $user->lang['SORT_EMAIL'], 'f' => $user->lang['WEBSITE'], 'g' => $user->lang['ICQ'], 'h' => $user->lang['AIM'], 'i' => $user->lang['MSNM'], 'j' => $user->lang['YIM'], 'k' => $user->lang['JABBER']);
+ $sort_key_text = array('a' => $user->lang['SORT_USERNAME'], 'b' => $user->lang['SORT_LOCATION'], 'c' => $user->lang['SORT_JOINED'], 'd' => $user->lang['SORT_POST_COUNT'], 'f' => $user->lang['WEBSITE'], 'g' => $user->lang['ICQ'], 'h' => $user->lang['AIM'], 'i' => $user->lang['MSNM'], 'j' => $user->lang['YIM'], 'k' => $user->lang['JABBER']);
+ $sort_key_sql = array('a' => 'u.username_clean', 'b' => 'u.user_from', 'c' => 'u.user_regdate', 'd' => 'u.user_posts', 'f' => 'u.user_website', 'g' => 'u.user_icq', 'h' => 'u.user_aim', 'i' => 'u.user_msnm', 'j' => 'u.user_yim', 'k' => 'u.user_jabber');
- if ($auth->acl_get('u_viewonline'))
+ if ($auth->acl_get('a_user'))
 {
- $sort_key_text['l'] = $user->lang['SORT_LAST_ACTIVE'];
+ $sort_key_text['e'] = $user->lang['SORT_EMAIL'];
+ $sort_key_sql['e'] = 'u.user_email';
 }
- $sort_key_text['m'] = $user->lang['SORT_RANK'];
-
- $sort_key_sql = array('a' => 'u.username_clean', 'b' => 'u.user_from', 'c' => 'u.user_regdate', 'd' => 'u.user_posts', 'e' => 'u.user_email', 'f' => 'u.user_website', 'g' => 'u.user_icq', 'h' => 'u.user_aim', 'i' => 'u.user_msnm', 'j' => 'u.user_yim', 'k' => 'u.user_jabber');
 if ($auth->acl_get('u_viewonline'))
 {
+ $sort_key_text['l'] = $user->lang['SORT_LAST_ACTIVE'];
 $sort_key_sql['l'] = 'u.user_lastvisit';
 }
+
+ $sort_key_text['m'] = $user->lang['SORT_RANK'];
 $sort_key_sql['m'] = 'u.user_rank DESC, u.user_posts';
 $sort_dir_text = array('a' => $user->lang['ASCENDING'], 'd' => $user->lang['DESCENDING']);
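Review bot: With `'e'` now absent from `$sort_key_sql` for users without `a_user`, a request that still carries that sort key depends on a lookup this hunk does not show. If the code that builds the ORDER BY indexes `$sort_key_sql[$sort_key]` directly, an unprivileged request using the old key would hit an undefined index and produce a malformed sort clause instead of a clean fallback. A guard ahead of that use, for example `if (!isset($sort_key_sql[$sort_key])) { $sort_key = 'a'; }`, makes the restriction fail closed. The consuming code lies outside the hunk, so confirm whether such a check already exists.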
@@ -969,7 +971,7 @@ switch ($mode)
 }
 $sql_where .= ($username) ? ' AND u.username_clean ' . $db->sql_like_expression(str_replace('*', $db->any_char, utf8_clean_string($username))) : '';
- $sql_where .= ($email) ? ' AND u.user_email ' . $db->sql_like_expression(str_replace('*', $db->any_char, $email)) . ' ' : '';
+ $sql_where .= ($auth->acl_get('a_user') && $email) ? ' AND u.user_email ' . $db->sql_like_expression(str_replace('*', $db->any_char, $email)) . ' ' : '';
 $sql_where .= ($icq) ? ' AND u.user_icq ' . $db->sql_like_expression(str_replace('*', $db->any_char, $icq)) . ' ' : '';
 $sql_where .= ($aim) ? ' AND u.user_aim ' . $db->sql_like_expression(str_replace('*', $db->any_char, $aim)) . ' ' : '';
 $sql_where .= ($yahoo) ? ' AND u.user_yim ' . $db->sql_like_expression(str_replace('*', $db->any_char, $yahoo)) . ' ' : '';
@@ -1286,6 +1288,7 @@ switch ($mode)
 'IP' => $ipdomain,
 'S_IP_SEARCH_ALLOWED' => ($auth->acl_getf_global('m_info')) ? true : false,
+ 'S_EMAIL_SEARCH_ALLOWED'=> ($auth->acl_get('a_user')) ? true : false,
 'S_IN_SEARCH_POPUP' => ($form && $field) ? true : false,
 'S_SEARCH_USER' => true,
 'S_FORM_NAME' => $form,
@@ -1485,9 +1488,9 @@ function show_profile($data)
 $rank_title = $rank_img = $rank_img_src = '';
 get_user_rank($data['user_rank'], $data['user_posts'], $rank_title, $rank_img, $rank_img_src);
- if (!empty($data['user_allow_viewemail']) || $auth->acl_get('a_email'))
+ if (!empty($data['user_allow_viewemail']) || $auth->acl_get('a_user'))
 {
- $email = ($config['board_email_form'] && $config['email_enable']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=email&u=' . $user_id) : (($config['board_hide_emails'] && !$auth->acl_get('a_email')) ? '' : 'mailto:' . $data['user_email']);
+ $email = ($config['board_email_form'] && $config['email_enable']) ? append_sid("{$phpbb_root_path}memberlist.$phpEx", 'mode=email&u=' . $user_id) : (($config['board_hide_emails'] && !$auth->acl_get('a_user')) ? '' : 'mailto:' . $data['user_email']);
 }
 else
 {
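Review bot: The `a_user` check guards only the point where `$email` is appended to `$sql_where`, so any other use of the request value, which is read outside this hunk, still sees what an unprivileged user submitted. Clearing it once where it is read, `$email = ($auth->acl_get('a_user')) ? $email : '';`, would keep later uses (possibly the `{EMAIL}` template value or pagination parameters) consistent and let this line stay `($email) ? ... : ''`. The same `acl_get('a_user')` test is repeated for `S_EMAIL_SEARCH_ALLOWED` in the `@@ -1286` hunk; one local flag shared by both sites would stop the UI switch and the server-side check from drifting apart.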
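Review bot: Swapping `a_email` for `a_user` in `show_profile()` changes who sees raw addresses on profile pages, which the CHANGELOG entry does not cover because it speaks only of searching. An administrator holding `a_email` but not `a_user` no longer gets the `mailto:` value when `board_hide_emails` is set, and one holding only `a_user` now does. If that is intended, a comment above the condition such as `// a_user, not a_email, decides who may see raw e-mail addresses` would record the decision, and the changelog line should mention it. The function starts and ends outside the hunk.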
diff --git a/phpBB/styles/prosilver/template/memberlist_search.html b/phpBB/styles/prosilver/template/memberlist_search.html
index 1d1d45bf8e..65c4707944 100644
--- a/phpBB/styles/prosilver/template/memberlist_search.html
+++ b/phpBB/styles/prosilver/template/memberlist_search.html
@@ -53,10 +53,12 @@ function insert_single(user)
 <dt><label for="username">{L_USERNAME}:</label></dt>
 <dd><input type="text" name="username" id="username" value="{USERNAME}" class="inputbox" /></dd>
 </dl>
+<!-- IF S_EMAIL_SEARCH_ALLOWED -->
 <dl>
 <dt><label for="email">{L_EMAIL}:</label></dt>
 <dd><input type="text" name="email" id="email" value="{EMAIL}" class="inputbox" /></dd>
 </dl>
+<!-- ENDIF -->
 <dl>
 <dt><label for="icq">{L_ICQ}:</label></dt>
 <dd><input type="text" name="icq" id="icq" value="{ICQ}" class="inputbox" /></dd>
diff --git a/phpBB/styles/subsilver2/template/memberlist_search.html b/phpBB/styles/subsilver2/template/memberlist_search.html
index fff71a90d6..96ffad00d6 100644
--- a/phpBB/styles/subsilver2/template/memberlist_search.html
+++ b/phpBB/styles/subsilver2/template/memberlist_search.html
@@ -84,8 +84,12 @@
 <td class="row2"><input class="post" type="text" name="icq" value="{ICQ}" /></td>
 </tr>
 <tr>
+<!-- IF S_EMAIL_SEARCH_ALLOWED -->
 <td class="row1"><b class="genmed">{L_EMAIL}:</b></td>
 <td class="row2"><input class="post" type="text" name="email" value="{EMAIL}" /></td>
+<!-- ELSE -->
+ <td colspan="2" class="row1"> </td>
+<!-- ENDIF -->
 <td class="row1"><b class="genmed">{L_AIM}:</b></td>
 <td class="row2"><input class="post" type="text" name="aim" value="{AIM}" /></td>
 </tr>
|