Bots can add unlimited topic watches due to incorrect checks

This will not happen in a default installation of phpBB, but only because the prosilver template guards emitting the U_WATCH_TOPIC link with a not S_IS_BOT check, which is not an adequate safeguard and only masks the actual bug. A template without that check will leak functioning watch topic links to bots.

This happens because the check in watch_topic_forum to stop unregistered users from adding watches is $user_id != ANONYMOUS, but the check in viewtopic.php and viewforum.php to populate the notify_status field that gets passed to watch_topic_forum is (correctly) $user->data['is_registered'], which excludes bot accounts.

A cool thing about this bug is that since (1) there is no unique key constraint on the (topic_id, user_id) tuple the database for TOPICS_WATCH_TABLE, (2) link hashes have no time- or nonce-component to prevent replaying the same operation, and (3) watching topics violates HTTP spec by using a GET operation for a non-nullipotent operation, once a spider gets ahold of a watch topic link, it will keep periodically re-checking these URLs for updates, and each time this will add a fresh entry to the watch table.