[Pushed] Quoting posts removes moderator options under certain conditions
#1
The following code in ./newreply.php can cause the moderator options (close/stick thread) to disappear:

foreach($group_permissions as $fid => $forum_permissions)
{
	if(isset($forum_permissions['canonlyviewownthreads']) && $forum_permissions['canonlyviewownthreads'] == 1)
	{
		$onlyusfids[] = $fid;
	}
}

The loop resets $fid, which then means subsequent calls to is_moderator() check a different forum, and unless the user is also a moderator of that forum, the moderation options will then be hidden. This then means that threads that are closed/stuck will be opened/unstuck as the field is not in the form.

To reproduce: have 2 forums, set a user to be a moderator of the one with the smaller ID. Try to then quote any post, and you will not see the close/stick thread options.

The solution is to just not use $fid as the key in the loop.
MyReactions - All Plugins

Can you still feel the butterflies?

Free never tasted like pudding.
Reply
#2
Hi,

Thank you for your report. We have pushed this issue to our Github repository for further analysis where you can track our commits and progress with fixing this bug. Discussions regarding this bug may also take place there too.

Follow this link to visit the issue on Github: https://github.com/mybb/mybb/issues/2585

Thanks for contributing to MyBB!

Regards,
The MyBB Group
-Ben

Please do not PM me for support. I am looking to be hired for paid services.

You can view my paid services here.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)