Uploaded image for project: 'phpBB3'
  1. phpBB3
  2. PHPBB3-11115

ACP > Forums > Create > doubleclick on "Submit" doubles forum moderators when copying permissions



    • Bug
    • Status: Closed (View Workflow)
    • Minor
    • Resolution: Won't Fix
    • 3.0.11
    • 3.0.15-RC1, 3.1.12-RC1
    • ACP
    • None
    • PHP 5.3.8, Opera 12.02


      ACP > Forums > Manage forums > Manage forums > Create new forum ("testforum") > Forum settings > Copy permissions from > ("otherforum"). Don't click once on the Submit button, do a doubleclick. Results in:

      • creating the forum twice,
      • adding or editing groups' user permissions twice and
      • copying forum permissions twice.

      Yet I haven't really grasped the whole thing. In /includes/acp/acp_forums.php we have this call:

      copy_forum_permissions($forum_perm_from, $forum_data['forum_id'], ($action == 'edit') ? true : false);

      The third parameter of that will evaluate to FALSE when creating a forum - the only position in the whole phpBB files where this third parameter might be FALSE. Looking up the function's definition in /includes/functions_admin.php this parameter turns out as $clear_dest_perms = true. It is then used this way:

      	// Clear current permissions of destination forums
      	if ($clear_dest_perms)
      		$sql = 'DELETE FROM ' . ACL_USERS_TABLE . '
      			WHERE ' . $db->sql_in_set('forum_id', $dest_forum_ids);
      		$sql = 'DELETE FROM ' . ACL_GROUPS_TABLE . '
      			WHERE ' . $db->sql_in_set('forum_id', $dest_forum_ids);

      So when creating "two forums in a row" (the doubleclick) both seem to be copied twice without deleting existing datasets. Seeing this brought me the idea:

      Simply re-editing the forum and re-copying the permissions from another forum solved the issue.

      What I don't really get: why is the doubleclick "possible" at all? I mean: why doesn't interfere any form token from processing a (HTTP) request more than once? I'm a bit scared by what could go wrong to the whole board because I literally have the chance to doubleclick on a Submit button in so many different places.




            CHItA CHItA
            AmigoJack AmigoJack
            0 Vote for this issue
            2 Start watching this issue