mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-30 21:40:43 +02:00
Code Issues Releases Wiki Activity

Minor security problem, discovered internally. Requires the user to know the activation key which is not normally possible when admin activation is turned on. #41625

Browse Source 
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9498 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Chris Smith
2009-04-29 18:30:26 +00:00
parent 0902ba6d21
commit de617ed0df
2 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
phpBB/includes/ucp/ucp_activate.php
View File

@@ -56,6 +56,17 @@ class ucp_activate
trigger_error('WRONG_ACTIVATION');
}
// Do not allow activating by non administrators when admin activation is on
// Only activation type the user should be able to do is INACTIVE_REMIND
if ($user_row['user_inactive_reason'] != INACTIVE_REMIND && $config['require_activation'] == USER_ACTIVATION_ADMIN && !$auth->acl_get('a_user'))
{
if (!$user->data['is_registered'])
{
login_box('', $user->lang['NO_AUTH_OPERATION']);
}
trigger_error('NO_AUTH_OPERATION');
}
$update_password = ($user_row['user_newpasswd']) ? true : false;
if ($update_password)