Fix for PM Send permissions.
@@ -531,7 +531,7 @@ class user_class
|
||||
|
||||
if (count($opt_arr) == 0)
|
||||
{
|
||||
$opt_arr = array('public' => 1, 'guest' => 1, 'nobody' => 1, 'member' => 1, 'classes' => 1);
|
||||
$opt_arr = array('public' => 1, 'guest' => 1, 'new'=>1, 'nobody' => 1, 'member' => 1, 'classes' => 1);
|
||||
}
|
||||
|
||||
if (isset($opt_arr['all']))
|
||||
|
@@ -75,8 +75,10 @@ class pm_shortcodes extends e_shortcode
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* @param int $parm - User ID.
|
||||
* @return null|string
|
||||
*/
|
||||
function sc_sendpm($parm='')
|
||||
{
|
||||
|
||||
@@ -86,8 +88,12 @@ class pm_shortcodes extends e_shortcode
|
||||
|
||||
$url = e107::url('pm','index').'?send.'.$parm;
|
||||
|
||||
require_once(e_PLUGIN."pm/pm_class.php");
|
||||
|
||||
if(check_class($pm_prefs['pm_class']))
|
||||
$pm = new private_message;
|
||||
|
||||
|
||||
if(check_class($pm_prefs['pm_class']) && $pm->canSendTo($parm)) // check $this->pmPrefs['send_to_class'].
|
||||
{
|
||||
if(deftrue('FONTAWESOME') && deftrue('BOOTSTRAP'))
|
||||
{
|
||||
|
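Review bot: `sc_sendpm()` documents `$parm` as an int user ID but defaults it to `''` and uses it uncast, both in `'?send.'.$parm` and in `$pm->canSendTo($parm)`. Casting once at the top, `$parm = (int) $parm;`, keeps the link and the permission lookup on the same integer value and stops non-numeric input before it reaches the URL. The trailing comment `// check $this->pmPrefs['send_to_class']` would read more accurately as `// canSendTo() applies the pm 'send_to_class' preference`, since `$this` here is pm_shortcodes. Part of the function body lies between the two hunks and is not visible.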
@@ -88,4 +88,5 @@ define("LAN_PM_111", "Read");
|
||||
define("LAN_PM_112", "User(s)");
|
||||
|
||||
define("LAN_PM_113", "Read Message");
|
||||
define("LAN_PM_114", "You do not have access to send to this user.");
|
||||
?>
|
@@ -148,8 +148,16 @@ class pm_extended extends private_message
|
||||
$to_uid = $pm_info['pm_from'];
|
||||
}
|
||||
|
||||
|
||||
|
||||
if(!empty($to_uid))
|
||||
{
|
||||
|
||||
if($this->canSendTo($to_uid) == false)
|
||||
{
|
||||
return "<div class='alert alert-danger'>".LAN_PM_114."</div>";// sending to this user is not permitted.
|
||||
}
|
||||
|
||||
$sql2 = e107::getDb('sql2');
|
||||
if($sql2->select('user', 'user_name', 'user_id = '.intval($to_uid))) //TODO add a check for userclass.
|
||||
{
|
||||
|
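Review bot: The new `canSendTo($to_uid)` guard sits inside `if(!empty($to_uid))`, so it only covers a recipient that was pre-filled for the compose form; a recipient chosen in the form itself is not checked here. The private_message::add() hunk in this commit shows no matching check before `$sql->insert('private_msg', $info)`, so from what is visible the restriction is applied when the form is displayed rather than when the message is stored. The permission should be enforced in the send path as well, for example `if(!$this->canSendTo($info['pm_to']))` ahead of the insert, with the LAN_PM_114 message returned to the caller. The enclosing method starts and ends outside this hunk, so an existing check elsewhere cannot be ruled out.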
@@ -35,7 +35,8 @@ class private_message
|
||||
public function __construct($prefs=null)
|
||||
{
|
||||
$this->e107 = e107::getInstance();
|
||||
$this->pmPrefs = $prefs; }
|
||||
$this->pmPrefs = e107::pref('pm');
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
@@ -262,6 +263,10 @@ class private_message
|
||||
else
|
||||
{ // Sending to a single person
|
||||
$info['pm_to'] = intval($vars['to_info']['user_id']); // Sending to a single user now
|
||||
|
||||
|
||||
|
||||
|
||||
if($pmid = $sql->insert('private_msg', $info))
|
||||
{
|
||||
$info['pm_id'] = $pmid;
|
||||
@@ -634,6 +639,7 @@ class private_message
|
||||
function get_users_inclass($class)
|
||||
{
|
||||
$sql = e107::getDb();
|
||||
|
||||
if($class == e_UC_MEMBER)
|
||||
{
|
||||
$qry = "SELECT user_id, user_name, user_email, user_class FROM `#user` WHERE 1";
|
||||
@@ -658,6 +664,37 @@ class private_message
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Check permission to send a PM to someone.
|
||||
* @param int $uid user_id of the person to send to
|
||||
* @return bool
|
||||
*/
|
||||
function canSendTo($uid)
|
||||
{
|
||||
if(empty($uid))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
$user = e107::user($uid);
|
||||
|
||||
$uclass = explode(",", $user['user_class']);
|
||||
|
||||
if($this->pmPrefs['send_to_class'] == 'matchclass')
|
||||
{
|
||||
$tmp = explode(",", USERCLASS);
|
||||
$result = array_intersect($uclass, $tmp);
|
||||
|
||||
return !empty($result);
|
||||
}
|
||||
|
||||
return in_array($this->pmPrefs['send_to_class'], $uclass);
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Get inbox - up to $limit messages from $from
|
||||
*
|
||||
|
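Review bot: In canSendTo(), the `matchclass` branch can report a match when neither user has any classes: `explode(",", '')` returns an array holding one empty string, so `array_intersect()` yields that empty string and `!empty($result)` is true. The same would happen if `e107::user($uid)` finds no user and `$user['user_class']` is empty (inferred; the return value on a miss is not visible here). Drop empty entries before comparing, e.g. `$uclass = array_filter(explode(",", $user['user_class']), 'strlen');` and likewise for `USERCLASS`, and return false when `$user` is empty. The final `in_array()` also looks only at the recipient's stored class IDs, so a `send_to_class` of `e_UC_MEMBER`, which get_users_inclass() special-cases in this file, would presumably never match; worth confirming.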