[ticket/8323] Do not allow sending of Private Messages to users who do not have permission to read private messages

PHPBB3-8323
2025-05-09 17:15:19 +02:00 · 2012-07-03 23:25:51 -05:00 · 2012-07-03 23:25:51 -05:00 · 05452b9ec0
commit 05452b9ec0
parent d998ad4b15
2 changed files with 21 additions and 0 deletions
--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@ -1245,6 +1245,26 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove
 				$error[] = $user->lang['PM_USERS_REMOVED_NO_PM'];
 			}
 		}
+
+		// Check if users have permission to read PMs
+		// Only check if not a moderator or admin, since they are allowed to override this user setting
+		if (true)//!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_'))
+		{
+			$can_read = $auth->acl_get_list(false, 'u_readpm');
+			$can_read = (empty($can_read) || !isset($can_read[0]['u_readpm'])) ? array() : $can_read[0]['u_readpm'];
+
+			$cannot_read_list = array_diff(array_keys($address_list['u']), $can_read);
+
+			if (!empty($cannot_read_list))
+			{
+				foreach ($cannot_read_list as $cannot_read)
+				{
+					unset($address_list['u'][$cannot_read]);
+				}
+
+				$error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION'];
+			}
+		}
 	}
 }

--- a/phpBB/language/en/ucp.php
+++ b/phpBB/language/en/ucp.php
@ -367,6 +367,7 @@ $lang = array_merge($lang, array(
 	'PM_SENTBOX'				=> 'Sent messages',
 	'PM_SUBJECT'				=> 'Message subject',
 	'PM_TO'						=> 'Send to',
+	'PM_USERS_REMOVED_NO_PERMISSION'	=> 'Some users couldn’t be added as they do not have permission to read private messages.',
 	'PM_USERS_REMOVED_NO_PM'	=> 'Some users couldn’t be added as they have disabled private message receipt.',
 	'POPUP_ON_PM'				=> 'Pop up window on new private message',
 	'POST_EDIT_PM'				=> 'Edit message',