From fed2956ed6badc03f0acf87a8ba724bd850d257d Mon Sep 17 00:00:00 2001 From: Meik Sievertsen Date: Fri, 2 Mar 2007 10:41:53 +0000 Subject: do not display passworded forum topics within the active topics list if the user did not enter the password before... thanks to gamer4ever for pointing this out (though next time straight to the security tracker please) git-svn-id: file:///svn/phpbb/trunk@7106 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/viewforum.php | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'phpBB/viewforum.php') diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php index 990a635c7a..58ee68a38e 100644 --- a/phpBB/viewforum.php +++ b/phpBB/viewforum.php @@ -372,13 +372,27 @@ else $sql_start = $start; } +if ($forum_data['forum_type'] == FORUM_POST || !sizeof($active_forum_ary)) +{ + $sql_where = 't.forum_id = ' . $forum_id; +} +else if (empty($active_forum_ary['exclude_forum_id'])) +{ + $sql_where = $db->sql_in_set('t.forum_id', $active_forum_ary['forum_id']); +} +else +{ + $get_forum_ids = array_diff($active_forum_ary['forum_id'], $active_forum_ary['exclude_forum_id']); + $sql_where = (sizeof($get_forum_ids)) ? $db->sql_in_set('t.forum_id', $get_forum_ids) : 't.forum_id = ' . $forum_id; +} + // SQL array for obtaining topics/stickies $sql_array = array( 'SELECT' => $sql_array['SELECT'], 'FROM' => $sql_array['FROM'], 'LEFT_JOIN' => $sql_array['LEFT_JOIN'], - 'WHERE' => (($forum_data['forum_type'] == FORUM_POST || !sizeof($active_forum_ary)) ? 't.forum_id = ' . $forum_id : $db->sql_in_set('t.forum_id', $active_forum_ary['forum_id'])) . " + 'WHERE' => $sql_where . " AND t.topic_type = {SQL_TOPIC_TYPE} $sql_approved $sql_limit_time", -- cgit v1.2.1