[ticket/10961] Send HTTP 403 when applicable

PHPBB3-10961
2025-07-31 14:00:31 +02:00 · 2016-05-29 12:42:57 +02:00
parent dff950162c
commit 4b6c2c8cde
26 changed files with 98 additions and 0 deletions
--- a/phpBB/includes/ucp/ucp_activate.php
+++ b/phpBB/includes/ucp/ucp_activate.php
@@ -67,6 +67,7 @@ class ucp_activate
 			{
 				login_box('', $user->lang['NO_AUTH_OPERATION']);
 			}
+			send_status_line(403, 'Forbidden');
 			trigger_error('NO_AUTH_OPERATION');
 		}

--- a/phpBB/includes/ucp/ucp_groups.php
+++ b/phpBB/includes/ucp/ucp_groups.php
@@ -87,6 +87,7 @@ class ucp_groups

 							if (!$auth->acl_get('u_chggrp'))
 							{
+								send_status_line(403, 'Forbidden');
 								trigger_error($user->lang['NOT_AUTHORISED'] . $return_page);
 							}

--- a/phpBB/includes/ucp/ucp_pm.php
+++ b/phpBB/includes/ucp/ucp_pm.php
@@ -166,6 +166,7 @@ class ucp_pm

 				if (!$auth->acl_get('u_readpm'))
 				{
+					send_status_line(403, 'Forbidden');
 					trigger_error('NO_AUTH_READ_MESSAGE');
 				}

--- a/phpBB/includes/ucp/ucp_pm_compose.php
+++ b/phpBB/includes/ucp/ucp_pm_compose.php
@@ -171,6 +171,7 @@ function compose_pm($id, $mode, $action, $user_folders = array())
 		case 'post':
 			if (!$auth->acl_get('u_sendpm'))
 			{
+				send_status_line(403, 'Forbidden');
 				trigger_error('NO_AUTH_SEND_MESSAGE');
 			}
 		break;
@@ -186,6 +187,7 @@ function compose_pm($id, $mode, $action, $user_folders = array())

 			if (!$auth->acl_get('u_sendpm'))
 			{
+				send_status_line(403, 'Forbidden');
 				trigger_error('NO_AUTH_SEND_MESSAGE');
 			}

@@ -226,6 +228,7 @@ function compose_pm($id, $mode, $action, $user_folders = array())
 		case 'delete':
 			if (!$auth->acl_get('u_pm_delete'))
 			{
+				send_status_line(403, 'Forbidden');
 				trigger_error('NO_AUTH_DELETE_MESSAGE');
 			}

@@ -251,11 +254,13 @@ function compose_pm($id, $mode, $action, $user_folders = array())

 	if ($action == 'forward' && (!$config['forward_pm'] || !$auth->acl_get('u_pm_forward')))
 	{
+		send_status_line(403, 'Forbidden');
 		trigger_error('NO_AUTH_FORWARD_MESSAGE');
 	}

 	if ($action == 'edit' && !$auth->acl_get('u_pm_edit'))
 	{
+		send_status_line(403, 'Forbidden');
 		trigger_error('NO_AUTH_EDIT_MESSAGE');
 	}

@@ -321,6 +326,7 @@ function compose_pm($id, $mode, $action, $user_folders = array())
 		{
 			if (($post['forum_id'] && !$auth->acl_get('f_read', $post['forum_id'])) || (!$post['forum_id'] && !$auth->acl_getf_global('f_read')))
 			{
+				send_status_line(403, 'Forbidden');
 				trigger_error('NOT_AUTHORISED');
 			}

@@ -456,6 +462,7 @@ function compose_pm($id, $mode, $action, $user_folders = array())

 	if (($to_group_id || isset($address_list['g'])) && (!$config['allow_mass_pm'] || !$auth->acl_get('u_masspm_group')))
 	{
+		send_status_line(403, 'Forbidden');
 		trigger_error('NO_AUTH_GROUP_MESSAGE');
 	}

--- a/phpBB/includes/ucp/ucp_pm_viewmessage.php
+++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php
@@ -41,6 +41,7 @@ function view_message($id, $mode, $folder_id, $msg_id, $folder, $message_row)
 		$message = $user->lang['NO_AUTH_READ_REMOVED_MESSAGE'];

 		$message .= '<br /><br />' . sprintf($user->lang['RETURN_FOLDER'], '<a href="' . $meta_info . '">', '</a>');
+		send_status_line(403, 'Forbidden');
 		trigger_error($message);
 	}

--- a/phpBB/includes/ucp/ucp_profile.php
+++ b/phpBB/includes/ucp/ucp_profile.php
@@ -279,6 +279,7 @@ class ucp_profile
 				// Do not display profile information panel if not authed to do so
 				if (!$auth->acl_get('u_chgprofileinfo'))
 				{
+					send_status_line(403, 'Forbidden');
 					trigger_error('NO_AUTH_PROFILEINFO');
 				}

@@ -464,6 +465,7 @@ class ucp_profile

 				if (!$auth->acl_get('u_sig'))
 				{
+					send_status_line(403, 'Forbidden');
 					trigger_error('NO_AUTH_SIGNATURE');
 				}

--- a/phpBB/includes/ucp/ucp_remind.php
+++ b/phpBB/includes/ucp/ucp_remind.php
@@ -79,6 +79,7 @@ class ucp_remind

 			if (!$auth2->acl_get('u_chgpasswd'))
 			{
+				send_status_line(403, 'Forbidden');
 				trigger_error('NO_AUTH_PASSWORD_REMINDER');
 			}