diff options
author | piaip <piaip@63ad8ddf-47c3-0310-b6dd-a9e9d9715204> | 2008-04-24 02:03:59 +0800 |
---|---|---|
committer | piaip <piaip@63ad8ddf-47c3-0310-b6dd-a9e9d9715204> | 2008-04-24 02:03:59 +0800 |
commit | f5abaaf78f6c5c6e3a4f99ff04835cdd7a06978f (patch) | |
tree | 83f18dc2c47f41124173c62b05085fc7afd5af58 /mbbsd/announce.c | |
parent | 06a4d437e91b3b0165b6eafbf7eaf736816fc27c (diff) | |
download | pttbbs-f5abaaf78f6c5c6e3a4f99ff04835cdd7a06978f.tar pttbbs-f5abaaf78f6c5c6e3a4f99ff04835cdd7a06978f.tar.gz pttbbs-f5abaaf78f6c5c6e3a4f99ff04835cdd7a06978f.tar.bz2 pttbbs-f5abaaf78f6c5c6e3a4f99ff04835cdd7a06978f.tar.lz pttbbs-f5abaaf78f6c5c6e3a4f99ff04835cdd7a06978f.tar.xz pttbbs-f5abaaf78f6c5c6e3a4f99ff04835cdd7a06978f.tar.zst pttbbs-f5abaaf78f6c5c6e3a4f99ff04835cdd7a06978f.zip |
- fix: guests should not get announce sub-op, and sub-op should not have BM permission.
git-svn-id: http://opensvn.csie.org/pttbbs/trunk/pttbbs@4239 63ad8ddf-47c3-0310-b6dd-a9e9d9715204
Diffstat (limited to 'mbbsd/announce.c')
-rw-r--r-- | mbbsd/announce.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/mbbsd/announce.c b/mbbsd/announce.c index 233ac5f6..35e9ecc0 100644 --- a/mbbsd/announce.c +++ b/mbbsd/announce.c @@ -1048,8 +1048,14 @@ a_menu(const char *maintitle, const char *path, if (!(me.level = lastlevel)) { char *ptr; - if ((ptr = strrchr(me.mtitle, '['))) - me.level = is_BM(ptr + 1); + // warning: this is only valid for me.level. + // is_uBM should not do anything except returning test result: + // for ex, setting user BM permission automatically. + // such extra behavior will result in any sub-op to have PERM_BM + // ability, which leads to entering BM board without authority. + // Thanks to mtdas@ptt for reporting this exploit. + if (HasUserPerm(PERM_BASIC) && (ptr = strrchr(me.mtitle, '['))) + me.level = is_uBM(ptr + 1, cuser.userid); } me.page = 9999; me.now = 0; |