From: Henry S. <kel...@ph...> - 2009-08-03 13:50:23
Author: Kellanved Date: Mon Aug 3 14:32:52 2009 New Revision: 9915 Log: require link hash for switchperm Modified: branches/phpBB-3_0_0/phpBB/memberlist.php branches/phpBB-3_0_0/phpBB/ucp.php Modified: branches/phpBB-3_0_0/phpBB/memberlist.php ============================================================================== *** branches/phpBB-3_0_0/phpBB/memberlist.php (original) --- branches/phpBB-3_0_0/phpBB/memberlist.php Mon Aug 3 14:32:52 2009 *************** *** 580,586 **** 'U_USER_BAN' => ($auth->acl_get('m_ban') && $user_id != $user->data['user_id']) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=ban&mode=user&u=' . $user_id, true, $user->session_id) : '', 'U_MCP_QUEUE' => ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue', true, $user->session_id) : '', ! 'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_id) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_id}") : '', 'S_USER_NOTES' => ($user_notes_enabled) ? true : false, 'S_WARN_USER' => ($warn_user_enabled) ? true : false, --- 580,586 ---- 'U_USER_BAN' => ($auth->acl_get('m_ban') && $user_id != $user->data['user_id']) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=ban&mode=user&u=' . $user_id, true, $user->session_id) : '', 'U_MCP_QUEUE' => ($auth->acl_getf_global('m_approve')) ? append_sid("{$phpbb_root_path}mcp.$phpEx", 'i=queue', true, $user->session_id) : '', ! 'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_id) ? append_sid("{$phpbb_root_path}ucp.$phpEx", "mode=switch_perm&u={$user_id}&hash=" . generate_link_hash('switchperm')) : '', 'S_USER_NOTES' => ($user_notes_enabled) ? true : false, 'S_WARN_USER' => ($warn_user_enabled) ? 
true : false, Modified: branches/phpBB-3_0_0/phpBB/ucp.php ============================================================================== *** branches/phpBB-3_0_0/phpBB/ucp.php (original) --- branches/phpBB-3_0_0/phpBB/ucp.php Mon Aug 3 14:32:52 2009 *************** *** 186,192 **** $user_row = $db->sql_fetchrow($result); $db->sql_freeresult($result); ! if (!$auth->acl_get('a_switchperm') || !$user_row || $user_id == $user->data['user_id']) { redirect(append_sid("{$phpbb_root_path}index.$phpEx")); } --- 186,192 ---- $user_row = $db->sql_fetchrow($result); $db->sql_freeresult($result); ! if (!$auth->acl_get('a_switchperm') || !$user_row || $user_id == $user->data['user_id'] || !check_link_hash(request_var('hash', ''), 'switchperm')) { redirect(append_sid("{$phpbb_root_path}index.$phpEx")); } |
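Review bot: The link name `'switchperm'` in the new `U_SWITCH_PERMISSIONS` entry is a bare string that must match the second argument of `check_link_hash()` in ucp.php exactly, and nothing at this site says so. A one-line comment above the entry, such as `// link hash name must match check_link_hash(..., 'switchperm') in ucp.php, mode=switch_perm`, would keep the two from drifting apart. Because the token travels in the query string of a GET link, it will also end up in browser history, server access logs and possibly Referer headers. That is tolerable only if the hash is bound to the user and rotates, which cannot be confirmed from this hunk, so it is worth stating in the same comment. The template-variable array this entry belongs to starts and ends outside the hunk.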
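Review bot: A missing or wrong `hash` in ucp.php falls into the same silent `redirect()` to the index as a permission failure, so a rejected cross-site request, the case this check exists for, leaves no trace, and an administrator following a stale link gets no explanation. Consider giving the hash test its own branch, `if (!check_link_hash(request_var('hash', ''), 'switchperm'))`, placed ahead of the combined condition, so the rejection can be written to the admin log before redirecting. The hash test is currently the last operand, after the user-row lookup above it has already run; testing it before the query would reject forged requests without touching the database. The action still changes state on a GET request, so a later change might move it behind a confirmation step submitted by POST. The enclosing block starts and ends outside the hunk.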