fix: self-kicking from alliance disallowed

This commit is contained in:
Martin Ambrus
2017-10-22 00:31:25 +02:00
parent e3b6bbeb70
commit 40eacecea6
5 changed files with 20 additions and 5 deletions
+1 -1
View File
@@ -332,7 +332,7 @@
private function kickAlliUser($post) {
global $database, $session, $form;
if($session->access != BANNED){
$UserData = $database->getUserArray($post['a_user'], 0);
$UserData = $database->getUserArray($post['a_user'], 1);
if($this->userPermArray['opt2'] == 0) {
$form->addError("perm", NO_PERMISSION);
} else if($UserData['id'] != $session->uid){
+2 -2
View File
@@ -1681,9 +1681,9 @@ class MYSQLi_DB {
$num_rows = mysqli_num_rows($result);
if($num_rows == 0) {
$q = "DELETE FROM " . TB_PREFIX . "alidata WHERE id = $aid";
mysqli_query($this->dblink,$q);
return mysqli_insert_id($this->dblink);
}
mysqli_query($this->dblink,$q);
return mysqli_insert_id($this->dblink);
}
/*****************************************
+14
View File
@@ -25,6 +25,20 @@ martinambrus changes:
13. alliance description now really editable
14. Admin SQL injection fixes
15. fix for map not showing natar villages
16. weak MD5 password in database converted into strong bcrypt ones
17. newsbox 1 best player can also show admin if they are enabled in config
18. Natar random attacks show attacker as ?? as intended now
19. System Message can contain quotes and no longer inserts BOM characters at the beginning
20. front-end + Admin page titles now correctly reflect where we really are (so browsing history can be navigated easily instead of showing Travian on every page)
21. Return to Server link in Admin works fine if homepage in config does not end with a slash
22. Great Workshop no longer shows as "Error" in Admin when editing Village
23. Great Workshop added to manual pages
24. new Combat Simulator link when showing details of oasis for quicker determination if we can win that fight
25. Support, Taskmaster & Multihunter no longer shown in statistics as last players with 0 villages
26. invalid <br /> tags no longer added to description textboxes when editing User in Admin
27. editing additional user data in Admin now saves them when Enter is used instead of clicking on "Save" as well
28. fixed reports pagination always staying on "All" tab
29. fix for the "fixed" :) self-kicking from an alliance
Shadowss changes:
+3 -1
View File
@@ -27,7 +27,9 @@ include("alli_menu.tpl");
<select name="a_user" class="name dropdown">
<?php
foreach($memberlist as $member) {
echo "<option value=".$member['id'].">".$member['username']."</option>";
if ($member['id'] != $session->uid) {
echo "<option value=".$member['id'].">".$member['username']."</option>";
}
}
?>
</select>
-1
View File
@@ -8,7 +8,6 @@
- disallow Support to play (single cookie for Admin and the game means support gets no village and lots of warnings when they switch to game now)
- resetting res bonus in admin actually says that bonus was given after OK is pressed
- quest image should glow red when new task is ready to be read (now it's only red when page is refreshed)
- disallow kicking yourself from alliance or provide a confirmation dialog and correct redirect
- sending messages to players via Admin doesn't work
- check aliance invitation accepting - apparently it doesn't work too well on first try?
- normalize forum tables - varchar is used for numeric values and is joined with int field