Ok, not too much here... just a little enhancement to the Jumpbox, along

with some security problems fixed.  All of them were found by Ludovic
Arnaud, with the exception of one, which was also found by Paranti.
I guess I'll be doing some more tomorrow, if I can find anything, but
that's it for tonight. (I'm tired...)

--Doug


git-svn-id: file:///svn/phpbb/branches/phpBB-2_0_0@2657 89ea8834-ac86-4346-8a33-228a782c2dd0

phpBB/includes/functions.php

@@ -92,7 +92,9 @@ function get_userdata($user)
 
 function make_jumpbox($action, $match_forum_id = 0)
 {
-	global $template, $lang, $db, $SID, $nav_links, $phpEx;
+	global $template, $lang, $db, $userdata, $SID, $nav_links, $phpEx;
+	
+	$is_auth = auth(AUTH_VIEW, AUTH_LIST_ALL, $userdata);
 
 	$sql = "SELECT c.cat_id, c.cat_title, c.cat_order
 		FROM " . CATEGORIES_TABLE . " c, " . FORUMS_TABLE . " f
@@ -135,7 +137,7 @@ function make_jumpbox($action, $match_forum_id = 0)
 				$boxstring_forums = '';
 				for($j = 0; $j < $total_forums; $j++)
 				{
-					if ( $forum_rows[$j]['cat_id'] == $category_rows[$i]['cat_id'] && $forum_rows[$j]['auth_view'] <= AUTH_REG )
+					if ( $forum_rows[$j]['cat_id'] == $category_rows[$i]['cat_id'] && $is_auth[$forum_rows[$j]['forum_id']]['auth_view'] )
 					{
 						$selected = ( $forum_rows[$j]['forum_id'] == $match_forum_id ) ? 'selected="selected"' : '';
 						$boxstring_forums .=  '<option value="' . $forum_rows[$j]['forum_id'] . '"' . $selected . '>' . $forum_rows[$j]['forum_name'] . '</option>';