From d171ac02ccd834c85cfc6149f45cdd3d79e63065 Mon Sep 17 00:00:00 2001 From: iopietro Date: Wed, 30 May 2018 20:10:59 +0200 Subject: [PATCH] General fixes +Fixed a bug that permitted to create threads and post in closed forums (only who have the permission to manage the forum can do that) +Fixed a bug that permitted to write posts to closed threads +Fixed a bug that permitted to view not shared forums under certain circumnstances --- GameEngine/Database.php | 10 +++++----- Templates/Alliance/Forum/forum_4.tpl | 4 ++++ Templates/Alliance/Forum/forum_5.tpl | 6 ++++++ Templates/Alliance/Forum/forum_6.tpl | 2 +- Templates/Alliance/Forum/forum_7.tpl | 3 ++- Templates/Alliance/forum.tpl | 13 ++++++++----- 6 files changed, 26 insertions(+), 12 deletions(-) diff --git a/GameEngine/Database.php b/GameEngine/Database.php index 79a4f090..c7788331 100755 --- a/GameEngine/Database.php +++ b/GameEngine/Database.php @@ -2268,8 +2268,8 @@ class MYSQLi_DB implements IDbConnection { '%$alliance,%' OR display_to_alliances - LIKE - '%$alliance%' + = + '$alliance' OR display_to_users LIKE @@ -2284,8 +2284,8 @@ class MYSQLi_DB implements IDbConnection { '%$uid,%' OR display_to_users - LIKE - '%$uid%' + = + '$uid' "; $result = mysqli_query($this->dblink, $q); if(!empty($result)){ @@ -2472,7 +2472,7 @@ class MYSQLi_DB implements IDbConnection { list($id) = $this->escape_input($id); $q = "SELECT alliance from " . TB_PREFIX . "forum_cat where id = $id LIMIT 1"; - $result = mysqli_query($this->dblink,$q); + $result = mysqli_query($this->dblink, $q); $dbarray = mysqli_fetch_array($result); return $dbarray['alliance']; } diff --git a/Templates/Alliance/Forum/forum_4.tpl b/Templates/Alliance/Forum/forum_4.tpl index b1b71216..5215ad56 100644 --- a/Templates/Alliance/Forum/forum_4.tpl +++ b/Templates/Alliance/Forum/forum_4.tpl @@ -84,8 +84,12 @@ echo ' } ?>
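Review bot: The unchanged `LIKE '%$alliance,%'` and `LIKE '%$uid,%'` branches kept as context in this hunk and in the `@@ -2284` hunk still match on substrings, so an id of 1 also matches a stored list such as `21,30`, and a forum can stay visible to an alliance or user it was not shared with. Replacing only the bare `'%$alliance%'` and `'%$uid%'` patterns with `=` closes one of those cases; matching whole list elements, e.g. `FIND_IN_SET('$alliance', display_to_alliances)` and `FIND_IN_SET('$uid', display_to_users)`, would cover all of them, assuming the lists are stored comma-separated without spaces. `$alliance` and `$uid` are interpolated into the query string and the function starts outside the hunk, so confirm they pass through `escape_input` the way `$id` does in the `@@ -2472` hunk.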

+ Post new thread Toggle Admin mode'; + } ?>

\ No newline at end of file diff --git a/Templates/Alliance/Forum/forum_5.tpl b/Templates/Alliance/Forum/forum_5.tpl index 0bd0c3c5..e0086758 100644 --- a/Templates/Alliance/Forum/forum_5.tpl +++ b/Templates/Alliance/Forum/forum_5.tpl @@ -10,6 +10,12 @@ if($session->access == BANNED){ exit; } +$cat_id = $_GET['fid']; +$forumData = reset($database->ForumCatEdit($cat_id)); + +//Check if we can create the thread or not +if($forumData['forum_area'] == 3 && !$opt['opt5']) $alliance->redirect($_GET); + ?>
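Review bot: The new guard in forum_5.tpl fails open when `fid` is missing or matches no category: assuming `ForumCatEdit` returns an empty array in that case, `reset()` yields `false`, `$forumData['forum_area']` evaluates to null, and the redirect is skipped. Treat a failed lookup as a denial, `if(empty($forumData) || ($forumData['forum_area'] == 3 && !$opt['opt5'])) $alliance->redirect($_GET);`, and read the parameter as `$_GET['fid'] ?? 0` so an absent key does not raise a notice. Whether `redirect()` ends the request is not visible here; if it only sends a header, the form below is still rendered, and the check in forum.tpl's POST handler is the one that actually enforces the rule.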
diff --git a/Templates/Alliance/Forum/forum_6.tpl b/Templates/Alliance/Forum/forum_6.tpl index 1ff6e28c..d1bc4be4 100644 --- a/Templates/Alliance/Forum/forum_6.tpl +++ b/Templates/Alliance/Forum/forum_6.tpl @@ -182,7 +182,7 @@ foreach($posts as $po){
Replies'; echo 'Toggle Admin mode'; } diff --git a/Templates/Alliance/Forum/forum_7.tpl b/Templates/Alliance/Forum/forum_7.tpl index d25ff323..4653275d 100644 --- a/Templates/Alliance/Forum/forum_7.tpl +++ b/Templates/Alliance/Forum/forum_7.tpl @@ -7,9 +7,10 @@ if($session->access == BANNED){ $tid = $_GET['tid']; $topic = reset($database->ShowTopic($tid)); +$forumData = reset($database->ForumCatEdit($topic['cat'])); //Check if we're creating a post for a valid topic -if(empty($topic)) $alliance->redirect($_GET); +if(empty($topic) || $topic['close'] == 1 || ($forumData['forum_area'] == 3 && !$opt['opt5'])) $alliance->redirect($_GET); $title = stripslashes($topic['title']); diff --git a/Templates/Alliance/forum.tpl b/Templates/Alliance/forum.tpl index 1f4b3f9f..9a8be711 100644 --- a/Templates/Alliance/forum.tpl +++ b/Templates/Alliance/forum.tpl @@ -5,7 +5,7 @@ // # FIX BY RONIX ## // # TRAVIANZ ## // ########################################################### - +//TODO: Rework the whole code of this section... if(!isset($aid)){ if(isset($_GET['fid']) && !empty($_GET['fid'])) $aid = $database->ForumCatAlliance($_GET['fid']); else if(isset($_GET['fid2']) && !empty($_GET['fid2'])) $aid = $database->ForumCatAlliance($_GET['fid2']); @@ -83,8 +83,9 @@ if(isset($_POST['editforum']) && if(isset($_POST['newtopic']) && isset($_POST['thema']) && isset($_POST['text']) && isset($_POST['fid']) && !empty($_POST['thema']) && !empty($_POST['text']) && !empty($_POST['fid']) && - (($forumData = reset($database->ForumCatEdit($_POST['fid'])))['alliance'] == $session->alliance || - $forumData['forum_area'] == 1 || $alliance->isForumAccessible($_POST['fid']))) + ((($forumData = reset($database->ForumCatEdit($_POST['fid'])))['alliance'] == $session->alliance || + $forumData['forum_area'] == 1 || $alliance->isForumAccessible($_POST['fid'])) && + ($forumData['forum_area'] != 3 || ($forumData['forum_area'] == 3 && $opt['opt5'] == 1)))) { $title = $_POST['thema']; $text = $_POST['text']; 
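Review bot: In forum_7.tpl `$forumData` is fetched from `$topic['cat']` before `empty($topic)` is tested, so an unknown `tid` runs `ForumCatEdit` with a null id and indexes into `false` before the redirect is reached. Moving the lookup below the emptiness check, or guarding it with `!empty($topic)`, avoids both. The rule here also differs from the `newpost` handler in forum.tpl: this page refuses every closed thread, while that handler skips the `close` test in a closed forum when `opt5` is set; a one-line comment stating which rule is intended would keep the two from drifting further.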
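Review bot: The clause added to the `newtopic` condition accepts `$opt['opt5']` for any forum that passes the first group, including one reached only through `isForumAccessible()`, i.e. a forum owned by another alliance. If `$opt` holds the viewer's rights in their own alliance (not visible in this hunk), that permission would carry over to a closed forum the viewer's alliance does not own; tying the exemption to ownership, `$forumData['forum_area'] != 3 || ($opt['opt5'] == 1 && $forumData['alliance'] == $session->alliance)`, rules that out. As written the clause is also redundant and reduces to `$forumData['forum_area'] != 3 || $opt['opt5'] == 1`. The same `opt5` test appears in the `newpost` hunk and in forum_5.tpl and forum_7.tpl, so the scoping question applies there too.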
@@ -117,8 +118,10 @@ if(isset($_POST['newtopic']) && isset($_POST['thema']) && isset($_POST['text']) if(isset($_POST['newpost']) && isset($_POST['text']) && !empty($_POST['text']) && isset($_POST['tid']) && !empty($_POST['tid']) && isset($_POST['fid2']) && !empty($_POST['fid2']) && - (($forumData = reset($database->ForumCatEdit($_POST['fid2'])))['alliance'] == $session->alliance || - $forumData['forum_area'] == 1 || $alliance->isForumAccessible($_POST['fid2']))) + ((($forumData = reset($database->ForumCatEdit($_POST['fid2'])))['alliance'] == $session->alliance || + $forumData['forum_area'] == 1 || $alliance->isForumAccessible($_POST['fid2'])) && + (($forumData['forum_area'] != 3 && !reset($database->ShowTopic($_POST['tid']))['close']) + || ($forumData['forum_area'] == 3 && $opt['opt5'] == 1)))) { $text = $_POST['text']; $tids = $_POST['tid'];
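Review bot: The `newpost` condition authorises against `$_POST['fid2']` while the reply is stored under `$_POST['tid']`, and nothing in this hunk checks that the topic belongs to that forum, so the access and closed-forum tests can be evaluated on a different forum than the one being written to. forum_7.tpl already derives the forum from `$topic['cat']`; doing the same here, or adding `!empty($topic = reset($database->ShowTopic($_POST['tid']))) && $topic['cat'] == $_POST['fid2']` to the condition, binds the two values together. That also rejects an unknown `tid`, which currently passes the `close` test because `reset()` returns `false` and the negated lookup on it is true. The handler body continues outside the hunk, so confirm no later check already does this.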