* check post restriction for 'delete post' and 'edit post'.

   * reason 1: this account may be occupied by someone else.
   * reason 2: BM may alter post restrictions to this board
   * reference: sohate5566@ptt.cc #1AmiRDvG (PttSuggest)


git-svn-id: http://opensvn.csie.org/pttbbs/trunk@4895 63ad8ddf-47c3-0310-b6dd-a9e9d9715204

2 files changed, 23 insertions, 3 deletions

diff --git a/pttbbs/mbbsd/bbs.c b/pttbbs/mbbsd/bbs.c
index cbeac042..87ed4403 100644
--- a/pttbbs/mbbsd/bbs.c
+++ b/pttbbs/mbbsd/bbs.c
@@ -1427,9 +1427,13 @@ edit_post(int ent, fileheader_t * fhdr, const char *direct)
 	return DONOTHING;
 #endif
 
-    // user check
-    if (!HasUserPerm(PERM_BASIC) ||	// includeing guests
-	!CheckPostPerm() )   
+    // user and permission check
+    // reason 1: BM may alter post restrictions to this board
+    // reason 2: this account may be occupied by someone else.
+    if (!HasUserPerm(PERM_BASIC) ||	// including guests
+	!CheckPostPerm() ||
+	!CheckPostRestriction(currbid)
+	)   
 	return DONOTHING;
 
     if (strcmp(fhdr->owner, cuser.userid) != EQUSTR)
@@ -2940,6 +2944,15 @@ del_post(int ent, fileheader_t * fhdr, char *direct)
 	!strcmp(cuser.userid, STR_GUEST))
 	return DONOTHING;
 
+    // user and permission check
+    // reason 1: BM may alter post restrictions to this board
+    // reason 2: this account may be occupied by someone else.
+    if (!HasUserPerm(PERM_BASIC) ||	// including guests
+	!CheckPostPerm() ||
+	!CheckPostRestriction(currbid)
+	)   
+	return DONOTHING;
+
     if (fhdr->filename[0]=='L') fhdr->filename[0]='M';
 
 #ifdef SAFE_ARTICLE_DELETE
diff --git a/pttbbs/mbbsd/cache.c b/pttbbs/mbbsd/cache.c
index cac2135c..42bef4fc 100644
--- a/pttbbs/mbbsd/cache.c
+++ b/pttbbs/mbbsd/cache.c
@@ -197,6 +197,13 @@ postperm_msg(const char *bname)
     if (bp->brdattr & BRD_GUESTPOST)
         return NULL;
 
+    // XXX should we enable this?
+#if 0
+    // always allow post for BM
+    if (is_BM_cache(i))
+	return NULL;
+#endif
+
     if (!HasUserPerm(PERM_POST))
 	return "µLµo¤åÅv­­";