Update of /cvsroot/phpwsbb/phpwsbb/class
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv6878
Modified Files:
Manager.php
Log Message:
Security fix - Protect post counts from being reset by the general public
Index: Manager.php
===================================================================
RCS file: /cvsroot/phpwsbb/phpwsbb/class/Manager.php,v
retrieving revision 1.71
retrieving revision 1.72
diff -C2 -d -r1.71 -r1.72
*** Manager.php 1 Mar 2006 14:50:18 -0000 1.71
--- Manager.php 1 Mar 2006 20:47:43 -0000 1.72
***************
*** 1269,1272 ****
--- 1269,1287 ----
+ function _recalc_users() {
+ if(!$_SESSION['OBJ_user']->allow_access('phpwsbb', 'edit_forums')) {
+ $message = $_SESSION['translate']->it('Access to update user posts counts was denied due to lack of proper permissions.');
+ $error = new PHPWS_Error('phpwsbb', 'PHPWSBB_Manager::_recalc_users()', $message, 'exit', 1);
+ $error->message();
+ return FALSE;
+ } else {
+ /* Resets all post count to 0 so they'll be recalculated on user_load */
+ $GLOBALS['core']->query('UPDATE mod_phpwsbb_user_info SET posts=0', true);
+ $GLOBALS['CNT_phpwsbb']['title'] = $_SESSION['translate']->it('Bulletin Board Forums');
+ $GLOBALS['CNT_phpwsbb']['content'] = $_SESSION['translate']->it('All user post counts have been reset.');
+ }
+ }// END FUNC recalc_users
+
+
function action() {
if(PHPWS_Message::isMessage($this->notice)) {
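Review bot: The new `_recalc_users()` gates the reset on `edit_forums`, but the reset itself (`UPDATE mod_phpwsbb_user_info SET posts=0`, unconditional, no WHERE) is a destructive state change that still has no anti-CSRF check, so a logged-in forum editor who follows a crafted link would presumably trigger it; how the `recalc_users` action is selected is outside this hunk, so this needs confirming against the dispatcher. On the same lines, the `else` after `return FALSE;` is redundant and the success path returns nothing, which leaves callers unable to tell denial from success without relying on whatever `PHPWS_Error(..., 'exit', 1)` does; I would drop the `else`, end the function with `return TRUE;`, and add a header such as `/* Resets every user's post count to 0 so it is recalculated on user_load; requires the phpwsbb edit_forums permission. Returns FALSE when denied. */`. Note also that the check dereferences `$_SESSION['OBJ_user']` without testing it is set, so an anonymous request may hit a fatal error rather than the denial message, if the session object is not guaranteed by the caller. `action()` begins on the last context line and continues outside the hunk.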
***************
*** 1433,1447 ****
case 'recalc_users':
! /* Resets all post count to 0 so they'll be recalculated on user_load */
! $GLOBALS['core']->query('UPDATE mod_phpwsbb_user_info SET posts=0', true);
! $GLOBALS['CNT_phpwsbb']['title'] = $_SESSION['translate']->it('Bulletin Board Forums');
! $GLOBALS['CNT_phpwsbb']['content'] = $_SESSION['translate']->it('All user post counts have been reset.');
break;
case 'getnew':
! if (!$since = $GLOBALS['core']->getOne('SELECT last_on FROM mod_phpwsbb_user_info WHERE user_id = '.$_SESSION['OBJ_user']->user_id, 1))
! $since = time();
! $GLOBALS['CNT_phpwsbb']['title'] = $_SESSION['translate']->it('New Posts Since My Last Visit on [var1]', date(PHPWS_DATE_FORMAT . ' ' . PHPWS_TIME_FORMAT, $since));
! $GLOBALS['CNT_phpwsbb']['content'] = $this->_menu() . $this->_listNewThreads($since);
break;
}
--- 1448,1460 ----
case 'recalc_users':
! $this->_recalc_users();
! $this->_list();
break;
case 'getnew':
! if (!$since = $GLOBALS['core']->getOne('SELECT last_on FROM mod_phpwsbb_user_info WHERE user_id = '.$_SESSION['OBJ_user']->user_id, 1))
! $since = time();
! $GLOBALS['CNT_phpwsbb']['title'] = $_SESSION['translate']->it('New Posts Since My Last Visit on [var1]', date(PHPWS_DATE_FORMAT . ' ' . PHPWS_TIME_FORMAT, $since));
! $GLOBALS['CNT_phpwsbb']['content'] = $this->_menu() . $this->_listNewThreads($since);
break;
}
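Review bot: The return value of `$this->_recalc_users()` on the first new line of the `recalc_users` case is discarded, so `$this->_list()` runs whether or not the permission check passed, and the denial path sets nothing in `$GLOBALS['CNT_phpwsbb']` that `_list()` would preserve. Whether this matters depends on whether `PHPWS_Error` with the `'exit'` argument halts the request, which is not visible here; if it does not, the denied user simply sees the normal forum list. Guarding the call keeps the two paths distinct: `if ($this->_recalc_users() !== FALSE) $this->_list();`. The `getnew` case is unchanged apart from whitespace and still builds its query from `$_SESSION['OBJ_user']->user_id`, which comes from the session rather than the request. The enclosing `action()` switch starts and ends outside this hunk.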
***************
*** 1548,1550 ****
}
! ?>
\ No newline at end of file
--- 1561,1563 ----
}
! ?>