author | piaip <piaip@63ad8ddf-47c3-0310-b6dd-a9e9d9715204> | 2008-04-24 02:03:59 +0800 |
---|---|---|
committer | piaip <piaip@63ad8ddf-47c3-0310-b6dd-a9e9d9715204> | 2008-04-24 02:03:59 +0800 |
commit | f5abaaf78f6c5c6e3a4f99ff04835cdd7a06978f (patch) | |
tree | 83f18dc2c47f41124173c62b05085fc7afd5af58 | |
parent | 06a4d437e91b3b0165b6eafbf7eaf736816fc27c (diff) | |
- fix: guests should not get announce sub-op, and sub-op should not have BM permission.
git-svn-id: http://opensvn.csie.org/pttbbs/trunk/pttbbs@4239 63ad8ddf-47c3-0310-b6dd-a9e9d9715204
-rw-r--r-- | include/proto.h | 1 | ||||
-rw-r--r-- | mbbsd/announce.c | 10 | ||||
-rw-r--r-- | mbbsd/board.c | 4 | ||||
-rw-r--r-- | mbbsd/stuff.c | 10 |
4 files changed, 10 insertions, 15 deletions
diff --git a/include/proto.h b/include/proto.h
index 35e2fb4e..cfeace26 100644
--- a/include/proto.h
+++ b/include/proto.h
@@ -607,7 +607,6 @@ void setcalfile(char *buf, char *userid);
 int show_file(const char *filename, int y, int lines, int mode);
 int cursor_key(int row, int column);
 int search_num(int ch, int max);
-int is_BM(const char *list);
 void setuserfile(char *buf, const char *fname);
 void setbdir(char *buf, const char *boardname);
 void setaidfile(char *buf, const char *bn, aidu_t aidu);
diff --git a/mbbsd/announce.c b/mbbsd/announce.c
index 233ac5f6..35e9ecc0 100644
--- a/mbbsd/announce.c
+++ b/mbbsd/announce.c
@@ -1048,8 +1048,14 @@ a_menu(const char *maintitle, const char *path,
 if (!(me.level = lastlevel)) {
 char *ptr;
- if ((ptr = strrchr(me.mtitle, '[')))
- me.level = is_BM(ptr + 1);
+ // warning: this is only valid for me.level.
+ // is_uBM should not do anything except returning test result:
+ // for ex, setting user BM permission automatically.
+ // such extra behavior will result in any sub-op to have PERM_BM
+ // ability, which leads to entering BM board without authority.
+ // Thanks to mtdas@ptt for reporting this exploit.
+ if (HasUserPerm(PERM_BASIC) && (ptr = strrchr(me.mtitle, '[')))
+ me.level = is_uBM(ptr + 1, cuser.userid);
 }
 me.page = 9999;
 me.now = 0;
diff --git a/mbbsd/board.c b/mbbsd/board.c
index e531a0d6..b1ad5821 100644
--- a/mbbsd/board.c
+++ b/mbbsd/board.c
@@ -1329,9 +1329,9 @@ show_brdlist(int head, int clsflag, int newflag)
 static void
 set_menu_BM(char *BM)
 {
- if (!HasUserPerm(PERM_NOCITIZEN) && (HasUserPerm(PERM_ALLBOARD) || is_BM(BM))) {
+ if (!HasUserPerm(PERM_NOCITIZEN) && (HasUserPerm(PERM_ALLBOARD) || is_uBM(BM, cuser.userid))) {
 currmode |= MODE_GROUPOP;
- cuser.userlevel |= PERM_SYSSUBOP;
+ cuser.userlevel |= PERM_SYSSUBOP | PERM_BM;
 }
 }
diff --git a/mbbsd/stuff.c b/mbbsd/stuff.c
index 03b05d3c..4cdae745 100644
--- a/mbbsd/stuff.c
+++ b/mbbsd/stuff.c
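Review bot: In the mbbsd/announce.c hunk, the sub-op check takes its manager list from display text: `is_uBM(ptr + 1, cuser.userid)` is matched against whatever follows the last `[` in `me.mtitle`, so `me.level` is only as trustworthy as that title string. Who can write the title is not visible in this hunk, so the invariant should be stated next to the check, for example `// me.level is derived from the text after the last '[' in me.mtitle; titles must only be writable by trusted maintainers`. The added comment is also easy to misread, because "for ex, setting user BM permission automatically" is an example of what is_uBM must not do; `// is_uBM must only return the test result and must never modify cuser.userlevel` says it directly. a_menu starts and ends outside the hunk.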
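Review bot: In set_menu_BM (mbbsd/board.c), `cuser.userlevel |= PERM_SYSSUBOP | PERM_BM;` now grants PERM_BM on the `HasUserPerm(PERM_ALLBOARD)` path as well; before this change the bit was only set inside is_BM(), which the `||` short-circuit skipped for PERM_ALLBOARD holders. If that widening is intended, record it in a comment such as `/* group-ops and PERM_ALLBOARD holders both receive PERM_BM here */`. The bits are OR-ed into cuser.userlevel and nothing in the hunk clears them, so it is worth confirming that they are not written back to the stored user record and that they are dropped once the user leaves the group menu.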
@@ -87,16 +87,6 @@ is_uBM(const char *list, const char *id)
 }
 int
-is_BM(const char *list)
-{
- if (is_uBM(list, cuser.userid)) {
- cuser.userlevel |= PERM_BM; /* Ptt 自動加上BM的權利 */
- return 1;
- }
- return 0;
-}
-
-int
 userid_is_BM(const char *userid, const char *list)
 {
 register int ch, len; |