* check post restriction for 'delete post' and 'edit post'.

* reason 1: this account may be occupied by someone else. * reason 2: BM may alter post restrictions to this board * reference: sohate5566@ptt.cc #1AmiRDvG (PttSuggest) git-svn-id: http://opensvn.csie.org/pttbbs/trunk/pttbbs@4895 63ad8ddf-47c3-0310-b6dd-a9e9d9715204
author: piaip <piaip@63ad8ddf-47c3-0310-b6dd-a9e9d9715204> 2009-09-30 11:37:13 +0800
committer: piaip <piaip@63ad8ddf-47c3-0310-b6dd-a9e9d9715204> 2009-09-30 11:37:13 +0800
commit: 813bf434512409f323b1b1d3b6fdcd70ab2cc9e2 (patch)
tree: 907356dddf6dd57c46c11625a6611357ebcfd231 /mbbsd/bbs.c
parent: aaaa60649b3cc48679a8d7e567fff3b888184408 (diff)
download: pttbbs-813bf434512409f323b1b1d3b6fdcd70ab2cc9e2.tar
pttbbs-813bf434512409f323b1b1d3b6fdcd70ab2cc9e2.tar.gz
pttbbs-813bf434512409f323b1b1d3b6fdcd70ab2cc9e2.tar.bz2
pttbbs-813bf434512409f323b1b1d3b6fdcd70ab2cc9e2.tar.lz
pttbbs-813bf434512409f323b1b1d3b6fdcd70ab2cc9e2.tar.xz
pttbbs-813bf434512409f323b1b1d3b6fdcd70ab2cc9e2.tar.zst
pttbbs-813bf434512409f323b1b1d3b6fdcd70ab2cc9e2.zip
1 files changed, 16 insertions, 3 deletions
diff --git a/mbbsd/bbs.c b/mbbsd/bbs.c
index cbeac042..87ed4403 100644
--- a/mbbsd/bbs.c
+++ b/mbbsd/bbs.c
@@ -1427,9 +1427,13 @@ edit_post(int ent, fileheader_t * fhdr, const char *direct)
 	return DONOTHING;
 #endif
 
-    // user check
-    if (!HasUserPerm(PERM_BASIC) ||	// includeing guests
-	!CheckPostPerm() )   
+    // user and permission check
+    // reason 1: BM may alter post restrictions to this board
+    // reason 2: this account may be occupied by someone else.
+    if (!HasUserPerm(PERM_BASIC) ||	// including guests
+	!CheckPostPerm() ||
+	!CheckPostRestriction(currbid)
+	)   
 	return DONOTHING;
 
     if (strcmp(fhdr->owner, cuser.userid) != EQUSTR)
@@ -2940,6 +2944,15 @@ del_post(int ent, fileheader_t * fhdr, char *direct)
 	!strcmp(cuser.userid, STR_GUEST))
 	return DONOTHING;
 
+    // user and permission check
+    // reason 1: BM may alter post restrictions to this board
+    // reason 2: this account may be occupied by someone else.
+    if (!HasUserPerm(PERM_BASIC) ||	// including guests
+	!CheckPostPerm() ||
+	!CheckPostRestriction(currbid)
+	)   
+	return DONOTHING;
+
     if (fhdr->filename[0]=='L') fhdr->filename[0]='M';
 
 #ifdef SAFE_ARTICLE_DELETE
author	piaip <piaip@63ad8ddf-47c3-0310-b6dd-a9e9d9715204>	2009-09-30 11:37:13 +0800
committer	piaip <piaip@63ad8ddf-47c3-0310-b6dd-a9e9d9715204>	2009-09-30 11:37:13 +0800
commit	813bf434512409f323b1b1d3b6fdcd70ab2cc9e2 (patch)
tree	907356dddf6dd57c46c11625a6611357ebcfd231 /mbbsd/bbs.c
parent	aaaa60649b3cc48679a8d7e567fff3b888184408 (diff)
download	pttbbs-813bf434512409f323b1b1d3b6fdcd70ab2cc9e2.tar pttbbs-813bf434512409f323b1b1d3b6fdcd70ab2cc9e2.tar.gz pttbbs-813bf434512409f323b1b1d3b6fdcd70ab2cc9e2.tar.bz2 pttbbs-813bf434512409f323b1b1d3b6fdcd70ab2cc9e2.tar.lz pttbbs-813bf434512409f323b1b1d3b6fdcd70ab2cc9e2.tar.xz pttbbs-813bf434512409f323b1b1d3b6fdcd70ab2cc9e2.tar.zst pttbbs-813bf434512409f323b1b1d3b6fdcd70ab2cc9e2.zip