phpBB3 / PHPBB3-13323

posting.php can pass invalid auth option to acl_get()

    Details

    • Type: Bug
    • Status: Unverified Fix
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.1
    • Fix Version/s: 3.1.2-RC1
    • Component/s: Posting
    • Labels:
      None

      Description

      In posting.php, while checking the topic type to determine whether the user is authorized to use the topic type they are requesting, if an extension adds an additional topic type, an invalid blank value will be sent to acl_get() per the default option in the switch statement:
      https://github.com/phpbb/phpbb/blob/develop-ascraeus/phpBB/posting.php#L1124

      IMO the following line where it invokes acl_get() should be prepended with a check that $auth_option is not empty. Otherwise it is impossible for extensions to add topic types. The extension author is responsible for checking the permission for this separately (and this can be achieved by nearby event calls).
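
The check the report asks for, sketched as an added example (not phpBB's code and not part of the report). `StubAuth`, `auth_option_for()`, `resolve_topic_type()`, `POST_EXT_TYPE` and the constant values are constructed stand-ins, and the stub assumes that a lookup for a blank option is denied.

```php
<?php
// Constructed stand-ins for illustration; not phpBB's own code.
const POST_NORMAL = 0;
const POST_STICKY = 1;
const POST_ANNOUNCE = 2;
const POST_EXT_TYPE = 10; // hypothetical topic type added by an extension

// Stub ACL: grants only the options it was given and records every lookup.
class StubAuth
{
    public $lookups = [];
    private $granted;

    public function __construct(array $granted) { $this->granted = $granted; }

    public function acl_get($option, $forum_id)
    {
        $this->lookups[] = $option;
        return in_array($option, $this->granted, true);
    }
}

// Map a topic type to its forum permission; '' means "not a core type".
function auth_option_for($topic_type)
{
    switch ($topic_type) {
        case POST_STICKY:   return 'f_sticky';
        case POST_ANNOUNCE: return 'f_announce';
        default:            return '';
    }
}

// Returns the topic type the post is allowed to keep.
function resolve_topic_type($auth, $topic_type, $forum_id, $guard_empty)
{
    $auth_option = auth_option_for($topic_type);
    if ($guard_empty && $auth_option === '') {
        // Proposed behaviour: core skips the lookup. The extension that
        // registered this type must run its own permission check.
        return $topic_type;
    }
    return $auth->acl_get($auth_option, $forum_id) ? $topic_type : POST_NORMAL;
}

$auth = new StubAuth(['f_sticky']);
var_dump(resolve_topic_type($auth, POST_EXT_TYPE, 2, false)); // reported behaviour
var_dump(resolve_topic_type($auth, POST_EXT_TYPE, 2, true));  // with the guard
var_dump(resolve_topic_type($auth, POST_ANNOUNCE, 2, true));  // core type still checked
var_dump($auth->lookups);
```

With the guard in place the core check no longer gates unknown topic types at all, so the extension's own permission check is the only thing standing between a requested custom type and its use.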

            People

            • Assignee: nickvergessen Joas Schilling
            • Reporter: omniError omniError [X] (Inactive)