diff options
| author | piaip <piaip@63ad8ddf-47c3-0310-b6dd-a9e9d9715204> | 2009-09-30 11:37:13 +0800 |
|---|---|---|
| committer | piaip <piaip@63ad8ddf-47c3-0310-b6dd-a9e9d9715204> | 2009-09-30 11:37:13 +0800 |
| commit | 813bf434512409f323b1b1d3b6fdcd70ab2cc9e2 (patch) | |
| tree | 907356dddf6dd57c46c11625a6611357ebcfd231 | |
| parent | aaaa60649b3cc48679a8d7e567fff3b888184408 (diff) | |
| download | pttbbs-813bf434512409f323b1b1d3b6fdcd70ab2cc9e2.tar pttbbs-813bf434512409f323b1b1d3b6fdcd70ab2cc9e2.tar.gz pttbbs-813bf434512409f323b1b1d3b6fdcd70ab2cc9e2.tar.bz2 pttbbs-813bf434512409f323b1b1d3b6fdcd70ab2cc9e2.tar.lz pttbbs-813bf434512409f323b1b1d3b6fdcd70ab2cc9e2.tar.xz pttbbs-813bf434512409f323b1b1d3b6fdcd70ab2cc9e2.tar.zst pttbbs-813bf434512409f323b1b1d3b6fdcd70ab2cc9e2.zip | |
* check post restriction for 'delete post' and 'edit post'.
* reason 1: this account may be occupied by someone else.
* reason 2: BM may alter post restrictions to this board
* reference: sohate5566@ptt.cc #1AmiRDvG (PttSuggest)
git-svn-id: http://opensvn.csie.org/pttbbs/trunk/pttbbs@4895 63ad8ddf-47c3-0310-b6dd-a9e9d9715204
| -rw-r--r-- | mbbsd/bbs.c | 19 | ||||
| -rw-r--r-- | mbbsd/cache.c | 7 |
2 files changed, 23 insertions, 3 deletions
diff --git a/mbbsd/bbs.c b/mbbsd/bbs.c index cbeac042..87ed4403 100644 --- a/mbbsd/bbs.c +++ b/mbbsd/bbs.c @@ -1427,9 +1427,13 @@ edit_post(int ent, fileheader_t * fhdr, const char *direct) return DONOTHING; #endif - // user check - if (!HasUserPerm(PERM_BASIC) || // includeing guests - !CheckPostPerm() ) + // user and permission check + // reason 1: BM may alter post restrictions to this board + // reason 2: this account may be occupied by someone else. + if (!HasUserPerm(PERM_BASIC) || // including guests + !CheckPostPerm() || + !CheckPostRestriction(currbid) + ) return DONOTHING; if (strcmp(fhdr->owner, cuser.userid) != EQUSTR) @@ -2940,6 +2944,15 @@ del_post(int ent, fileheader_t * fhdr, char *direct) !strcmp(cuser.userid, STR_GUEST)) return DONOTHING; + // user and permission check + // reason 1: BM may alter post restrictions to this board + // reason 2: this account may be occupied by someone else. + if (!HasUserPerm(PERM_BASIC) || // including guests + !CheckPostPerm() || + !CheckPostRestriction(currbid) + ) + return DONOTHING; + if (fhdr->filename[0]=='L') fhdr->filename[0]='M'; #ifdef SAFE_ARTICLE_DELETE diff --git a/mbbsd/cache.c b/mbbsd/cache.c index cac2135c..42bef4fc 100644 --- a/mbbsd/cache.c +++ b/mbbsd/cache.c @@ -197,6 +197,13 @@ postperm_msg(const char *bname) if (bp->brdattr & BRD_GUESTPOST) return NULL; + // XXX should we enable this? +#if 0 + // always allow post for BM + if (is_BM_cache(i)) + return NULL; +#endif + if (!HasUserPerm(PERM_POST)) return "µLµo¤åÅv"; |