mirror of
https://github.com/phpbb/phpbb.git
synced 2025-08-12 03:34:04 +02:00
Fix one design failure in phpBB3. Do not count non-approved posts to the user_posts. Before, a user was able to circumvent basically any protection based on post counts.
At the same time implement the queue_trigger feature. git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8805 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen
@@ -415,8 +415,8 @@ function change_poster(&$post_info, $userdata)
|
||||
sync('forum', 'forum_id', $post_info['forum_id'], false, false);
|
||||
}
|
||||
|
||||
// Adjust post counts
|
||||
if ($post_info['post_postcount'])
|
||||
// Adjust post counts... only if the post is approved (else, it was not added the users post count anyway)
|
||||
if ($post_info['post_postcount'] && $post_info['post_approved'])
|
||||
{
|
||||
$sql = 'UPDATE ' . USERS_TABLE . '
|
||||
SET user_posts = user_posts - 1
|
||||
@@ -470,11 +470,11 @@ function change_poster(&$post_info, $userdata)
|
||||
if (file_exists($phpbb_root_path . 'includes/search/' . $search_type . '.' . $phpEx))
|
||||
{
|
||||
require("{$phpbb_root_path}includes/search/$search_type.$phpEx");
|
||||
|
||||
|
||||
// We do some additional checks in the module to ensure it can actually be utilised
|
||||
$error = false;
|
||||
$search = new $search_type($error);
|
||||
|
||||
|
||||
if (!$error && method_exists($search, 'destroy_cache'))
|
||||
{
|
||||
$search->destroy_cache(array(), array($post_info['user_id'], $userdata['user_id']));
|
||||
|
||||
@@ -481,6 +481,7 @@ function approve_post($post_id_list, $id, $mode)
|
||||
|
||||
$total_topics = $total_posts = 0;
|
||||
$forum_topics_posts = $topic_approve_sql = $topic_replies_sql = $post_approve_sql = $topic_id_list = $forum_id_list = $approve_log = array();
|
||||
$user_posts_sql = array();
|
||||
|
||||
$update_forum_information = false;
|
||||
|
||||
@@ -493,6 +494,9 @@ function approve_post($post_id_list, $id, $mode)
|
||||
$forum_id_list[$post_data['forum_id']] = 1;
|
||||
}
|
||||
|
||||
// User post update (we do not care about topic or post, since user posts are strictly connected to posts
|
||||
$user_posts_sql[$post_data['poster_id']] = (empty($user_posts_sql[$post_data['poster_id']])) ? 1 : $user_posts_sql[$post_data['poster_id']] + 1;
|
||||
|
||||
// Topic or Post. ;)
|
||||
if ($post_data['topic_first_post_id'] == $post_id)
|
||||
{
|
||||
@@ -612,6 +616,25 @@ function approve_post($post_id_list, $id, $mode)
|
||||
}
|
||||
}
|
||||
|
||||
if (sizeof($user_posts_sql))
|
||||
{
|
||||
// Try to minimize the query count by merging users with the same post count additions
|
||||
$user_posts_update = array();
|
||||
|
||||
foreach ($user_posts_sql as $user_id => $user_posts)
|
||||
{
|
||||
$user_posts_update[$user_posts][] = $user_id;
|
||||
}
|
||||
|
||||
foreach ($user_posts_update as $user_posts => $user_id_ary)
|
||||
{
|
||||
$sql = 'UPDATE ' . USERS_TABLE . '
|
||||
SET user_posts = user_posts + ' . $user_posts . '
|
||||
WHERE ' . $db->sql_in_set('user_id', $user_id_ary);
|
||||
$db->sql_query($sql);
|
||||
}
|
||||
}
|
||||
|
||||
if ($total_topics)
|
||||
{
|
||||
set_config('num_topics', $config['num_topics'] + $total_topics, true);
|
||||
|
||||
Reference in New Issue
Block a user