phpBB3 / PHPBB3-13323

posting.php can pass invalid auth option to acl_get()

    Details

    • Type: Bug
    • Status: Unverified Fix
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.1
    • Fix Version/s: 3.1.2-RC1
    • Component/s: Posting
    • Labels: None

      Description

      In posting.php, while checking the topic type to determine if the user is authorized to use the topic type they are requesting, if an extension adds an additional topic type, an invalid blank value will be sent to acl_get() per the default option in the switch statement:
      https://github.com/phpbb/phpbb/blob/develop-ascraeus/phpBB/posting.php#L1124

      IMO the following line where it invokes acl_get() should be prepended with a check that $auth_option is not empty. Otherwise it is impossible for extensions to add topic types. The extension author is responsible for checking the permission for this separately (and this can be achieved by nearby event calls).
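
      The guard proposed in the description, sketched as an added example (not phpBB's own code and not part of the report). The stub_auth class, POST_EXT_CUSTOM, the function names and the topic-type-to-permission mapping are assumptions made for illustration; the stub assumes an empty option is never granted.

```php
<?php
// Constructed stand-ins; values mirror phpBB's topic type constants.
const POST_NORMAL = 0;
const POST_STICKY = 1;
const POST_ANNOUNCE = 2;
const POST_GLOBAL = 3;
const POST_EXT_CUSTOM = 10; // hypothetical topic type added by an extension

// Hypothetical stub for the auth object: unknown or empty options are never granted.
class stub_auth
{
	private $granted;
	public function __construct(array $granted) { $this->granted = $granted; }
	public function acl_get($opt, $forum_id = 0)
	{
		return $opt !== '' && !empty($this->granted[$forum_id][$opt]);
	}
}

// Assumed mapping, shaped like the switch the report describes.
function topic_type_auth_option($topic_type)
{
	switch ($topic_type)
	{
		case POST_GLOBAL:
		case POST_ANNOUNCE:
			return 'f_announce';
		case POST_STICKY:
			return 'f_sticky';
		default:
			return ''; // core has no permission for this type
	}
}

// Returns true when core rejects the requested topic type.
function core_denies_topic_type($auth, $topic_type, $forum_id, $guard_empty)
{
	$auth_option = topic_type_auth_option($topic_type);
	if ($guard_empty && $auth_option === '')
	{
		return false; // core skips its check; the extension must enforce its own
	}
	return !$auth->acl_get($auth_option, $forum_id);
}

$auth = new stub_auth([7 => ['f_sticky' => true]]); // constructed ACL: forum 7 allows stickies
var_dump(core_denies_topic_type($auth, POST_EXT_CUSTOM, 7, false)); // unguarded: blank option reaches acl_get()
var_dump(core_denies_topic_type($auth, POST_EXT_CUSTOM, 7, true));  // guarded: core check skipped
var_dump(core_denies_topic_type($auth, POST_ANNOUNCE, 7, true));    // core types are still checked
```

      With the guard in place core no longer rejects an unknown topic type, so an extension that adds one without its own permission check leaves that type open to every user who can post.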


          People

          • Assignee: nickvergessen (Joas Schilling)
          • Reporter: omniError