ACP > Forums > Manage forums > Manage forums > Create new forum ("testforum") > Forum settings > Copy permissions from > ("otherforum"). Don't click once on the Submit button, do a doubleclick. Results in:
- creating the forum twice,
- adding or editing groups' user permissions twice and
- copying forum permissions twice.
Yet I haven't really grasped the whole thing. In /includes/acp/acp_forums.php we have this call:The third parameter of that will evaluate to FALSE when creating a forum - the only position in the whole phpBB files where this third parameter might be FALSE. Looking up the function's definition in /includes/functions_admin.php this parameter turns out as $clear_dest_perms = true. It is then used this way: So when creating "two forums in a row" (the doubleclick) both seem to be copied twice without deleting existing datasets. Seeing this brought me the idea:
Simply re-editing the forum and re-copying the permissions from another forum solved the issue.
What I don't really get: why is the doubleclick "possible" at all? I mean: why doesn't interfere any form token from processing a (HTTP) request more than once? I'm a bit scared by what could go wrong to the whole board because I literally have the chance to doubleclick on a Submit button in so many different places.