mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-03 23:37:39 +02:00
Code Issues Releases Wiki Activity

[ticket/15593] Do not allow print view with direct URL

Browse Source 
PHPBB3-15593
This commit is contained in:
Jakub Senko
2018-09-28 12:55:45 +02:00
parent 001f32da95
commit f657ee51f8
4 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
phpBB/includes/ucp/ucp_pm.php
View File

@@ -170,6 +170,12 @@ class ucp_pm
trigger_error('NO_AUTH_READ_MESSAGE');
}
if ($view == 'print' && (!$config['print_pm'] || !$auth->acl_get('u_pm_printpm')))
{
send_status_line(403, 'Forbidden');
trigger_error('NO_AUTH_PRINT_MESSAGE');
}
// Do not allow hold messages to be seen
if ($folder_id == PRIVMSGS_HOLD_BOX)
{