[ticket/10961] Send HTTP 403 when applicable
PHPBB3-10961
@@ -223,6 +223,7 @@ class acp_groups
|
||||
}
|
||||
else if ($action === 'delete' && $group_row['group_type'] == GROUP_SPECIAL)
|
||||
{
|
||||
send_status_line(403, 'Forbidden');
|
||||
trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
|
||||
}
|
||||
|
||||
@@ -235,6 +236,7 @@ class acp_groups
|
||||
case 'delete':
|
||||
if (!$auth->acl_get('a_groupdel'))
|
||||
{
|
||||
send_status_line(403, 'Forbidden');
|
||||
trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
|
||||
}
|
||||
|
||||
@@ -313,6 +315,7 @@ class acp_groups
|
||||
|
||||
if ($action == 'add' && !$auth->acl_get('a_groupadd'))
|
||||
{
|
||||
send_status_line(403, 'Forbidden');
|
||||
trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
|
||||
}
|
||||
|
||||
|
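Review bot: The new `send_status_line(403, 'Forbidden');` in the `$action === 'delete'` / `GROUP_SPECIAL` branch only takes effect because it sits directly above `trigger_error()`, and nothing in the code says so. If `trigger_error(..., E_USER_WARNING)` renders the error page and ends the request, as it appears to in these admin modules, a status line placed after it, or after any earlier output, would be silently lost and the denial would again be served as 200. I would add a comment such as `// Must precede trigger_error(): the status line cannot be set once the error page is output`, or fold the pair into one small helper so the two calls cannot drift apart. The same pair is repeated in the `a_groupdel` and `a_groupadd` branches and in the acp_inactive, acp_main, acp_permissions and acp_users hunks. The enclosing method starts and ends outside these hunks.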
@@ -164,6 +164,7 @@ class acp_inactive
|
||||
{
|
||||
if (!$auth->acl_get('a_userdel'))
|
||||
{
|
||||
send_status_line(403, 'Forbidden');
|
||||
trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
|
||||
}
|
||||
|
||||
|
@@ -118,6 +118,7 @@ class acp_main
|
||||
case 'online':
|
||||
if (!$auth->acl_get('a_board'))
|
||||
{
|
||||
send_status_line(403, 'Forbidden');
|
||||
trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
|
||||
}
|
||||
|
||||
@@ -134,6 +135,7 @@ class acp_main
|
||||
case 'stats':
|
||||
if (!$auth->acl_get('a_board'))
|
||||
{
|
||||
send_status_line(403, 'Forbidden');
|
||||
trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
|
||||
}
|
||||
|
||||
@@ -189,6 +191,7 @@ class acp_main
|
||||
case 'user':
|
||||
if (!$auth->acl_get('a_board'))
|
||||
{
|
||||
send_status_line(403, 'Forbidden');
|
||||
trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
|
||||
}
|
||||
|
||||
@@ -256,6 +259,7 @@ class acp_main
|
||||
case 'date':
|
||||
if (!$auth->acl_get('a_board'))
|
||||
{
|
||||
send_status_line(403, 'Forbidden');
|
||||
trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
|
||||
}
|
||||
|
||||
@@ -372,6 +376,7 @@ class acp_main
|
||||
case 'purge_sessions':
|
||||
if ((int) $user->data['user_type'] !== USER_FOUNDER)
|
||||
{
|
||||
send_status_line(403, 'Forbidden');
|
||||
trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
|
||||
}
|
||||
|
||||
|
@@ -315,6 +315,7 @@ class acp_permissions
|
||||
case 'apply_permissions':
|
||||
if (!isset($_POST['setting']))
|
||||
{
|
||||
send_status_line(403, 'Forbidden');
|
||||
trigger_error($user->lang['NO_AUTH_SETTING_FOUND'] . adm_back_link($this->u_action), E_USER_WARNING);
|
||||
}
|
||||
if (!check_form_key($form_name))
|
||||
@@ -328,6 +329,7 @@ class acp_permissions
|
||||
case 'apply_all_permissions':
|
||||
if (!isset($_POST['setting']))
|
||||
{
|
||||
send_status_line(403, 'Forbidden');
|
||||
trigger_error($user->lang['NO_AUTH_SETTING_FOUND'] . adm_back_link($this->u_action), E_USER_WARNING);
|
||||
}
|
||||
if (!check_form_key($form_name))
|
||||
@@ -687,6 +689,7 @@ class acp_permissions
|
||||
// Check the permission setting again
|
||||
if (!$auth->acl_get('a_' . str_replace('_', '', $permission_type) . 'auth') || !$auth->acl_get('a_auth' . $ug_type . 's'))
|
||||
{
|
||||
send_status_line(403, 'Forbidden');
|
||||
trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
|
||||
}
|
||||
|
||||
@@ -772,6 +775,7 @@ class acp_permissions
|
||||
// Check the permission setting again
|
||||
if (!$auth->acl_get('a_' . str_replace('_', '', $permission_type) . 'auth') || !$auth->acl_get('a_auth' . $ug_type . 's'))
|
||||
{
|
||||
send_status_line(403, 'Forbidden');
|
||||
trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
|
||||
}
|
||||
|
||||
@@ -884,6 +888,7 @@ class acp_permissions
|
||||
// Check the permission setting again
|
||||
if (!$auth->acl_get('a_' . str_replace('_', '', $permission_type) . 'auth') || !$auth->acl_get('a_auth' . $ug_type . 's'))
|
||||
{
|
||||
send_status_line(403, 'Forbidden');
|
||||
trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action), E_USER_WARNING);
|
||||
}
|
||||
|
||||
|
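Review bot: In the `apply_permissions` and `apply_all_permissions` cases, 403 is sent for `!isset($_POST['setting'])`, which appears to be a missing form field rather than a permission decision. Access-log monitoring that treats a 403 from the admin panel as a denied operation would count malformed submissions as authorization failures; `send_status_line(400, 'Bad Request');` would keep the two apart. The `if (!check_form_key($form_name))` branch that follows is cut off by the hunk, so I cannot see whether a failed form-token check also sends a status line; if it does not, that rejection is still served as 200 and it probably deserves `send_status_line(403, 'Forbidden');` as well.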
@@ -205,6 +205,7 @@ class acp_users
|
||||
{
|
||||
if (!$auth->acl_get('a_userdel'))
|
||||
{
|
||||
send_status_line(403, 'Forbidden');
|
||||
trigger_error($user->lang['NO_AUTH_OPERATION'] . adm_back_link($this->u_action . '&u=' . $user_id), E_USER_WARNING);
|
||||
}
|
||||
|
||||
|