From 2308472eb0a5bc03aa520f4afe2e69aa52622653 Mon Sep 17 00:00:00 2001 From: rxu Date: Sun, 26 Apr 2015 10:51:01 +0700 Subject: [ticket/13779] Set new auth options to the role only if matching the role type Migrations' permission tool allows setting permissions to the role which doesn't match the role type, e.g. m_ permissions for u_ role types and so on. As one of side effects, this may lead to granting users moderative/admin permissions silently. With this patch the only new permissions matching the role type will be set. PHPBB3-13779 --- phpBB/phpbb/db/migration/tool/permission.php | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) (limited to 'phpBB/phpbb/db/migration/tool') diff --git a/phpBB/phpbb/db/migration/tool/permission.php b/phpBB/phpbb/db/migration/tool/permission.php index 1a91127d2d..ceff6d7d5a 100644 --- a/phpBB/phpbb/db/migration/tool/permission.php +++ b/phpBB/phpbb/db/migration/tool/permission.php @@ -425,13 +425,27 @@ class permission implements \phpbb\db\migration\tool\tool_interface $role_id = (int) $this->db->sql_fetchfield('auth_role_id'); if ($role_id) { - $sql = 'SELECT role_name + $sql = 'SELECT role_name, role_type FROM ' . ACL_ROLES_TABLE . ' WHERE role_id = ' . $role_id; $this->db->sql_query($sql); - $role_name = $this->db->sql_fetchfield('role_name'); - - return $this->permission_set($role_name, $auth_option, 'role', $has_permission); + $role_data = $this->db->sql_fetchrow(); + $role_name = $role_data['role_name']; + $role_type = $role_data['role_type']; + + // Filter new auth options to match the role type: a_ | f_ | m_ | u_ + // Set new auth options to the role only if options matching the role type were found + $auth_option = array_filter($auth_option, + function ($option) use ($role_type) + { + return strpos($option, $role_type) === 0; + } + ); + + if (sizeof($auth_option)) + { + return $this->permission_set($role_name, $auth_option, 'role', $has_permission); + } } $sql = 'SELECT auth_option_id, auth_setting -- cgit v1.2.1