From: Shaun M. <sin...@us...> - 2006-03-01 20:47:48
Update of /cvsroot/phpwsbb/phpwsbb/class
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv6878
Modified Files:
	Manager.php
Log Message:
Security fix - Protect post counts from being reset by the general public
Index: Manager.php
===================================================================
RCS file: /cvsroot/phpwsbb/phpwsbb/class/Manager.php,v
retrieving revision 1.71
retrieving revision 1.72
diff -C2 -d -r1.71 -r1.72
*** Manager.php 1 Mar 2006 14:50:18 -0000 1.71
--- Manager.php 1 Mar 2006 20:47:43 -0000 1.72
***************
*** 1269,1272 ****
--- 1269,1287 ----
+ function _recalc_users() {
+ if(!$_SESSION['OBJ_user']->allow_access('phpwsbb', 'edit_forums')) {
+ $message = $_SESSION['translate']->it('Access to update user posts counts was denied due to lack of proper permissions.');
+ $error = new PHPWS_Error('phpwsbb', 'PHPWSBB_Manager::_recalc_users()', $message, 'exit', 1);
+ $error->message();
+ return FALSE;
+ } else {
+ /* Resets all post count to 0 so they'll be recalculated on user_load */
+ $GLOBALS['core']->query('UPDATE mod_phpwsbb_user_info SET posts=0', true);
+ $GLOBALS['CNT_phpwsbb']['title'] = $_SESSION['translate']->it('Bulletin Board Forums');
+ $GLOBALS['CNT_phpwsbb']['content'] = $_SESSION['translate']->it('All user post counts have been reset.');
+ }
+ }// END FUNC recalc_users
+
+
  function action() {
  if(PHPWS_Message::isMessage($this->notice)) {
***************
*** 1433,1447 ****
  case 'recalc_users':
! /* Resets all post count to 0 so they'll be recalculated on user_load */
! $GLOBALS['core']->query('UPDATE mod_phpwsbb_user_info SET posts=0', true);
! $GLOBALS['CNT_phpwsbb']['title'] = $_SESSION['translate']->it('Bulletin Board Forums');
! $GLOBALS['CNT_phpwsbb']['content'] = $_SESSION['translate']->it('All user post counts have been reset.');
  break;
  case 'getnew':
! if (!$since = $GLOBALS['core']->getOne('SELECT last_on FROM mod_phpwsbb_user_info WHERE user_id = '.$_SESSION['OBJ_user']->user_id, 1))
! $since = time();
! 
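Review bot: `_recalc_users()` returns FALSE when access is denied but returns nothing on success, and the caller added in the second hunk (`$this->_recalc_users(); $this->_list();`) ignores the result, so `_list()` runs either way and, as far as these hunks show, may overwrite the 'All user post counts have been reset.' title and content that were just set; the same contract gap applies to that second hunk. Returning from both branches and checking at the call site makes the outcome explicit: `return TRUE;` after the content assignment in `_recalc_users()`, and `if ($this->_recalc_users()) { $this->_list(); }` in the `recalc_users` case (whether `PHPWS_Error` with the `'exit'` argument actually ends the request is not visible here, so the explicit return is worth having regardless). The permission check closes the authorization gap, but the reset is still dispatched from the `switch` in `action()`, presumably on a request parameter, with no visible request-method or anti-forgery check, so a logged-in forum editor could be induced to trigger it via a crafted link; requiring POST plus a per-session token for this state-changing action would close that. The result of `$GLOBALS['core']->query(...)` is also unchecked, so a failed UPDATE would still report success to the user. Note that `action()` continues outside the first hunk and the `switch` it contains begins outside the second.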
$GLOBALS['CNT_phpwsbb']['title'] = $_SESSION['translate']->it('New Posts Since My Last Visit on [var1]', date(PHPWS_DATE_FORMAT . ' ' . PHPWS_TIME_FORMAT, $since));
! $GLOBALS['CNT_phpwsbb']['content'] = $this->_menu() . $this->_listNewThreads($since);
  break;
  }
--- 1448,1460 ----
  case 'recalc_users':
! $this->_recalc_users();
! $this->_list();
  break;
  case 'getnew':
! if (!$since = $GLOBALS['core']->getOne('SELECT last_on FROM mod_phpwsbb_user_info WHERE user_id = '.$_SESSION['OBJ_user']->user_id, 1))
! $since = time();
! $GLOBALS['CNT_phpwsbb']['title'] = $_SESSION['translate']->it('New Posts Since My Last Visit on [var1]', date(PHPWS_DATE_FORMAT . ' ' . PHPWS_TIME_FORMAT, $since));
! $GLOBALS['CNT_phpwsbb']['content'] = $this->_menu() . $this->_listNewThreads($since);
  break;
  }
***************
*** 1548,1550 ****
  }
! ?>
\ No newline at end of file
--- 1561,1563 ----
  }
! ?>
|