phpBB

Code Changes

File: includes/ucp/ucp_attachments.php

  Unmodified   Added   Modified   Removed
Line 41Line 41
		if ($delete && count($delete_ids))
{
// Validate $delete_ids...

		if ($delete && count($delete_ids))
{
// Validate $delete_ids...

			$sql = 'SELECT a.attach_id, p.post_edit_locked, t.topic_status, f.forum_id, f.forum_status

			$sql = 'SELECT a.attach_id, a.in_message, p.post_edit_locked, p.post_time, t.topic_status, f.forum_id, f.forum_status, pt.folder_id

				FROM ' . ATTACHMENTS_TABLE . ' a
LEFT JOIN ' . POSTS_TABLE . ' p
ON (a.post_msg_id = p.post_id AND a.in_message = 0)

				FROM ' . ATTACHMENTS_TABLE . ' a
LEFT JOIN ' . POSTS_TABLE . ' p
ON (a.post_msg_id = p.post_id AND a.in_message = 0)

Line 49Line 49
					ON (t.topic_id = p.topic_id AND a.in_message = 0)
LEFT JOIN ' . FORUMS_TABLE . ' f
ON (f.forum_id = t.forum_id AND a.in_message = 0)

					ON (t.topic_id = p.topic_id AND a.in_message = 0)
LEFT JOIN ' . FORUMS_TABLE . ' f
ON (f.forum_id = t.forum_id AND a.in_message = 0)

 
				LEFT JOIN ' . PRIVMSGS_TABLE . ' pr
ON (a.post_msg_id = pr.msg_id AND a.in_message = 1)
LEFT JOIN ' . PRIVMSGS_TO_TABLE . ' pt
ON (a.post_msg_id = pt.msg_id AND a.poster_id = pt.author_id AND a.poster_id = pt.user_id AND a.in_message = 1)

				WHERE a.poster_id = ' . $user->data['user_id'] . '
AND a.is_orphan = 0
AND ' . $db->sql_in_set('a.attach_id', $delete_ids);

				WHERE a.poster_id = ' . $user->data['user_id'] . '
AND a.is_orphan = 0
AND ' . $db->sql_in_set('a.attach_id', $delete_ids);

Line 57Line 61
			$delete_ids = array();
while ($row = $db->sql_fetchrow($result))
{

			$delete_ids = array();
while ($row = $db->sql_fetchrow($result))
{

				if (!$auth->acl_get('m_edit', $row['forum_id']) && ($row['forum_status'] == ITEM_LOCKED || $row['topic_status'] == ITEM_LOCKED || $row['post_edit_locked']))

				if (!$this->can_delete_file($row))

				{
continue;
}

				{
continue;
}

Line 135Line 139
		$pagination = $phpbb_container->get('pagination');
$start = $pagination->validate_start($start, $config['topics_per_page'], $num_attachments);


		$pagination = $phpbb_container->get('pagination');
$start = $pagination->validate_start($start, $config['topics_per_page'], $num_attachments);


		$sql = 'SELECT a.*, t.topic_title, pr.message_subject as message_title, p.post_edit_locked, t.topic_status, f.forum_id, f.forum_status

		$sql = 'SELECT a.*, t.topic_title, pr.message_subject as message_title, pr.message_time as message_time, pt.folder_id, p.post_edit_locked, p.post_time, t.topic_status, f.forum_id, f.forum_status

			FROM ' . ATTACHMENTS_TABLE . ' a
LEFT JOIN ' . POSTS_TABLE . ' p ON (a.post_msg_id = p.post_id AND a.in_message = 0)
LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id AND a.in_message = 0)
LEFT JOIN ' . FORUMS_TABLE . ' f ON (f.forum_id = t.forum_id AND a.in_message = 0)
LEFT JOIN ' . PRIVMSGS_TABLE . ' pr ON (a.post_msg_id = pr.msg_id AND a.in_message = 1)

			FROM ' . ATTACHMENTS_TABLE . ' a
LEFT JOIN ' . POSTS_TABLE . ' p ON (a.post_msg_id = p.post_id AND a.in_message = 0)
LEFT JOIN ' . TOPICS_TABLE . ' t ON (a.topic_id = t.topic_id AND a.in_message = 0)
LEFT JOIN ' . FORUMS_TABLE . ' f ON (f.forum_id = t.forum_id AND a.in_message = 0)
LEFT JOIN ' . PRIVMSGS_TABLE . ' pr ON (a.post_msg_id = pr.msg_id AND a.in_message = 1)

 
				LEFT JOIN ' . PRIVMSGS_TO_TABLE . ' pt ON (a.post_msg_id = pt.msg_id AND a.poster_id = pt.author_id AND a.poster_id = pt.user_id AND a.in_message = 1)

			WHERE a.poster_id = ' . $user->data['user_id'] . "
AND a.is_orphan = 0
ORDER BY $order_by";

			WHERE a.poster_id = ' . $user->data['user_id'] . "
AND a.is_orphan = 0
ORDER BY $order_by";

Line 177Line 182
					'TOPIC_ID'			=> $row['topic_id'],

'S_IN_MESSAGE' => $row['in_message'],

					'TOPIC_ID'			=> $row['topic_id'],

'S_IN_MESSAGE' => $row['in_message'],

					'S_LOCKED'			=> !$row['in_message'] && !$auth->acl_get('m_edit', $row['forum_id']) && ($row['forum_status'] == ITEM_LOCKED || $row['topic_status'] == ITEM_LOCKED || $row['post_edit_locked']),

					'S_LOCKED'			=> !$this->can_delete_file($row),


'U_VIEW_ATTACHMENT' => append_sid("{$phpbb_root_path}download/file.$phpEx", 'id=' . $row['attach_id']),
'U_VIEW_TOPIC' => $view_topic)


'U_VIEW_ATTACHMENT' => append_sid("{$phpbb_root_path}download/file.$phpEx", 'id=' . $row['attach_id']),
'U_VIEW_TOPIC' => $view_topic)

Line 215Line 220

$this->tpl_name = 'ucp_attachments';
$this->page_title = 'UCP_ATTACHMENTS';


$this->tpl_name = 'ucp_attachments';
$this->page_title = 'UCP_ATTACHMENTS';

 
	}

/**
* Check if the user can delete the file
*
* @param array $row
*
* @return bool True if user can delete the file, false if not
*/
private function can_delete_file(array $row): bool
{
global $auth, $config;

if ($row['in_message'])
{
return ($row['message_time'] > (time() - ($config['pm_edit_time'] * 60)) || !$config['pm_edit_time']) && $row['folder_id'] == PRIVMSGS_OUTBOX && $auth->acl_get('u_pm_edit');
}
else
{
$can_edit_time = !$config['edit_time'] || $row['post_time'] > (time() - ($config['edit_time'] * 60));
$can_delete_time = !$config['delete_time'] || $row['post_time'] > (time() - ($config['delete_time'] * 60));
$item_locked = !$auth->acl_get('m_edit', $row['forum_id']) && ($row['forum_status'] == ITEM_LOCKED || $row['topic_status'] == ITEM_LOCKED || $row['post_edit_locked']);

return !$item_locked && $can_edit_time && $can_delete_time;
}

	}
}


	}
}