mirror of https://github.com/phpbb/phpbb.git synced 2025-08-08 17:56:52 +02:00

Merge branch '3.2.x'

* 3.2.x:
  [ticket/10961] Send HTTP 403 when applicable
Tristan Darricau
2016-09-01 14:54:06 +02:00
26 changed files with 98 additions and 0 deletions


@@ -74,6 +74,14 @@ class forum extends post_base
// Make sure we can read this forum
if (!$this->auth->acl_get('f_read', $this->forum_id))
{
if ($this->user->data['user_id'] != ANONYMOUS)
{
send_status_line(403, 'Forbidden');
}
else
{
send_status_line(401, 'Unauthorized');
}
throw new unauthorized_forum_exception($this->forum_id);
}
@@ -84,6 +92,14 @@ class forum extends post_base
if (isset($forum_ids_passworded[$this->forum_id]))
{
if ($this->user->data['user_id'] != ANONYMOUS)
{
send_status_line(403, 'Forbidden');
}
else
{
send_status_line(401, 'Unauthorized');
}
throw new unauthorized_forum_exception($this->forum_id);
}
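Review bot: The same eight-line 401/403 branch is pasted into both hunks of this section and again in the three topic hunks and the topic_form hunk, so the rule for which status an unauthorised request gets now lives in six places. Since forum and topic both extend post_base, one helper there could hold it, e.g. `$guest = $this->user->data['user_id'] == ANONYMOUS;` followed by `send_status_line($guest ? 401 : 403, $guest ? 'Unauthorized' : 'Forbidden');`. That also gives a single place to settle whether the guest 401 should carry a `WWW-Authenticate` header, which RFC 7235 requires on a 401 and which none of the visible branches sends. The enclosing methods start and end outside the hunks.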


@@ -66,6 +66,14 @@ class topic extends post_base
// Make sure topic is either approved or user authed
if ($this->topic_data['topic_visibility'] != ITEM_APPROVED && !$this->auth->acl_get('m_approve', $this->forum_id))
{
if ($this->user->data['user_id'] != ANONYMOUS)
{
send_status_line(403, 'Forbidden');
}
else
{
send_status_line(401, 'Unauthorized');
}
throw new unauthorized_topic_exception($this->topic_id);
}
@@ -78,6 +86,14 @@ class topic extends post_base
// Make sure we can read this forum
if (!$this->auth->acl_get('f_read', $this->forum_id))
{
if ($this->user->data['user_id'] != ANONYMOUS)
{
send_status_line(403, 'Forbidden');
}
else
{
send_status_line(401, 'Unauthorized');
}
throw new unauthorized_forum_exception($this->forum_id);
}
@@ -88,6 +104,14 @@ class topic extends post_base
if (isset($forum_ids_passworded[$this->forum_id]))
{
if ($this->user->data['user_id'] != ANONYMOUS)
{
send_status_line(403, 'Forbidden');
}
else
{
send_status_line(401, 'Unauthorized');
}
throw new unauthorized_forum_exception($this->forum_id);
}
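Review bot: In the first hunk the unapproved-topic check now answers 401 or 403, which tells a caller without m_approve that the topic id exists and is awaiting approval; whether a missing topic is answered differently is not visible here, but if it gets a 404 the two cases become distinguishable by status code alone. If that distinction is acceptable, record it with a comment above the branch such as `// 401/403 on purpose: the existence of an unapproved topic is not treated as confidential`; otherwise answer this case the way a non-existent topic is answered. The enclosing method starts and ends outside the hunk.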


@@ -71,6 +71,14 @@ class topic_form extends form
if (!$this->auth->acl_get('f_read', $this->topic_row['forum_id']))
{
if ($this->user->data['user_id'] != ANONYMOUS)
{
send_status_line(403, 'Forbidden');
}
else
{
send_status_line(401, 'Unauthorized');
}
return 'SORRY_AUTH_READ';
}