2010-07-15, 03:16 PM
In global.php
Should IMO be changed to something like this:
Allowing people to make plugins that will let... oh say banned users access PMs without a core file edit.
if($mybb->usergroup['canview'] != 1)
{
// Check pages allowable even when not allowed to view board
$allowable_actions = array(
"member.php" => array(
"register",
"do_register",
"login",
"do_login",
"logout",
"lostpw",
"do_lostpw",
"activate",
"resendactivation",
"do_resendactivation",
"resetpassword"
),
"usercp2.php" => array(
"removesubscription",
"removesubscriptions"
),
);
if(!($current_page == "member.php" && in_array($mybb->input['action'], $allowable_actions['member.php'])) && !($current_page == "usercp2.php" && in_array($mybb->input['action'], $allowable_actions['usercp2.php'])) && $current_page != "captcha.php")
{
error_no_permission();
}
unset($allowable_actions);
}
Should IMO be changed to something like this:
if($mybb->usergroup['canview'] != 1)
{
$can_perform_action = FALSE;
// Check pages allowable even when not allowed to view board
$allowable_actions = array(
"member.php" => array(
"register",
"do_register",
"login",
"do_login",
"logout",
"lostpw",
"do_lostpw",
"activate",
"resendactivation",
"do_resendactivation",
"resetpassword"
),
"usercp2.php" => array(
"removesubscription",
"removesubscriptions"
),
);
$can_perform_action = $plugins->run_hooks("global_no_permissions", $can_perform_action);
if(!($current_page == "member.php" && in_array($mybb->input['action'], $allowable_actions['member.php'])) && !($current_page == "usercp2.php" && in_array($mybb->input['action'], $allowable_actions['usercp2.php'])) && $current_page != "captcha.php" && $can_perform_action == FALSE)
{
error_no_permission();
}
unset($allowable_actions);
}
Allowing people to make plugins that will let... oh say banned users access PMs without a core file edit.