From 813bf434512409f323b1b1d3b6fdcd70ab2cc9e2 Mon Sep 17 00:00:00 2001
From: piaip <piaip@63ad8ddf-47c3-0310-b6dd-a9e9d9715204>
Date: Wed, 30 Sep 2009 03:37:13 +0000
Subject:  * check post restriction for 'delete post' and 'edit post'.    *
 reason 1: this account may be occupied by someone else.    * reason 2: BM may
 alter post restrictions to this board    * reference: sohate5566@ptt.cc
 #1AmiRDvG (PttSuggest)

git-svn-id: http://opensvn.csie.org/pttbbs/trunk/pttbbs@4895 63ad8ddf-47c3-0310-b6dd-a9e9d9715204
---
 mbbsd/bbs.c | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

(limited to 'mbbsd/bbs.c')

diff --git a/mbbsd/bbs.c b/mbbsd/bbs.c
index cbeac042..87ed4403 100644
--- a/mbbsd/bbs.c
+++ b/mbbsd/bbs.c
@@ -1427,9 +1427,13 @@ edit_post(int ent, fileheader_t * fhdr, const char *direct)
 	return DONOTHING;
 #endif
 
-    // user check
-    if (!HasUserPerm(PERM_BASIC) ||	// includeing guests
-	!CheckPostPerm() )   
+    // user and permission check
+    // reason 1: BM may alter post restrictions to this board
+    // reason 2: this account may be occupied by someone else.
+    if (!HasUserPerm(PERM_BASIC) ||	// including guests
+	!CheckPostPerm() ||
+	!CheckPostRestriction(currbid)
+	)   
 	return DONOTHING;
 
     if (strcmp(fhdr->owner, cuser.userid) != EQUSTR)
@@ -2940,6 +2944,15 @@ del_post(int ent, fileheader_t * fhdr, char *direct)
 	!strcmp(cuser.userid, STR_GUEST))
 	return DONOTHING;
 
+    // user and permission check
+    // reason 1: BM may alter post restrictions to this board
+    // reason 2: this account may be occupied by someone else.
+    if (!HasUserPerm(PERM_BASIC) ||	// including guests
+	!CheckPostPerm() ||
+	!CheckPostRestriction(currbid)
+	)   
+	return DONOTHING;
+
     if (fhdr->filename[0]=='L') fhdr->filename[0]='M';
 
 #ifdef SAFE_ARTICLE_DELETE
-- 
cgit v1.2.3