Do not permit unauthorised users to delete private messages from folder listing. #54355

git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10322 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-08-10 02:36:38 +02:00 · 2009-12-11 22:27:00 +00:00
parent c9b343b2c8
commit f150bb8281
3 changed files with 14 additions and 0 deletions
--- a/phpBB/includes/functions_privmsgs.php
+++ b/phpBB/includes/functions_privmsgs.php
@@ -894,6 +894,13 @@ function handle_mark_actions($user_id, $mark_action)

 		case 'delete_marked':

+			global $auth;
+
+			if (!$auth->acl_get('u_pm_delete'))
+			{
+				trigger_error('NO_AUTH_DELETE_MESSAGE');
+			}
+
 			if (confirm_box(true))
 			{
 				delete_pm($user_id, $msg_ids, $cur_folder_id);