phpBB / PHPBB-13323

posting.php can pass invalid auth option to acl_get()

    • Type: Bug
    • Resolution: Fixed
    • Priority: Major
    • 3.1.2-RC1
    • 3.1.1
    • Posting
    • None

      In posting.php, while checking the topic type to determine if the user is authorized to use the topic type they are requesting, if an extension adds an additional topic type, an invalid blank value will be sent to acl_get() per the default option in the switch statement:
      https://github.com/phpbb/phpbb/blob/develop-ascraeus/phpBB/posting.php#L1124

      IMO the following line where it invokes acl_get() should be prepended with a check that $auth_option is not empty. Otherwise it is impossible for extensions to add topic types. The extension author is responsible for checking the permission for this separately (and this can be achieved by nearby event calls).

            nickvergessen Joas Schilling
            omniError omniError [X] (Inactive)
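
The guard described in the report, as an added example that is not phpBB's code or the committed fix. It goes one step beyond the report by denying an unknown topic type unless an extension-side check allows it. `stub_auth`, `core_auth_option()`, `POST_EXT_EXAMPLE`, the `u_ext_example` permission and the callback are hypothetical stand-ins, and the stub assumes `acl_get()` denies a blank option.

```php
<?php
// Added illustration: stand-ins for phpBB's constants and $auth object.
const POST_STICKY = 1;
const POST_ANNOUNCE = 2;
const POST_GLOBAL = 3;
const POST_EXT_EXAMPLE = 10; // hypothetical topic type added by an extension

class stub_auth {
    private $granted;
    public function __construct(array $granted) { $this->granted = $granted; }
    // Stub assumption: any option the user does not hold, including '', is denied.
    public function acl_get($option, $forum_id) { return in_array($option, $this->granted, true); }
}

// Map a topic type to its core permission; '' means core has no option for it.
function core_auth_option($topic_type) {
    switch ($topic_type) {
        case POST_GLOBAL:   return 'f_announce_global';
        case POST_ANNOUNCE: return 'f_announce';
        case POST_STICKY:   return 'f_sticky';
        default:            return '';
    }
}

// Unguarded: the blank option is handed to acl_get(), so the type is refused.
function may_use_type_unguarded($auth, $topic_type, $forum_id) {
    return $auth->acl_get(core_auth_option($topic_type), $forum_id);
}

// Guarded: core checks only the options it knows. Unknown types are denied
// unless the extension's own check (hypothetical callback) allows them.
function may_use_type_guarded($auth, $topic_type, $forum_id, ?callable $ext_check = null) {
    $auth_option = core_auth_option($topic_type);
    if ($auth_option !== '') {
        return $auth->acl_get($auth_option, $forum_id);
    }
    return $ext_check !== null && (bool) $ext_check($topic_type, $forum_id);
}

$auth = new stub_auth(['f_sticky', 'u_ext_example']); // constructed sample grants
$ext_check = fn($type, $forum_id) =>
    $type === POST_EXT_EXAMPLE && $auth->acl_get('u_ext_example', $forum_id);

var_dump(may_use_type_unguarded($auth, POST_EXT_EXAMPLE, 2));         // blank option reaches acl_get()
var_dump(may_use_type_guarded($auth, POST_EXT_EXAMPLE, 2, $ext_check)); // extension check decides
var_dump(may_use_type_guarded($auth, POST_EXT_EXAMPLE, 2));            // no extension check supplied
var_dump(may_use_type_guarded($auth, POST_ANNOUNCE, 2, $ext_check));   // core option still enforced
```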