Name:
core.functions_display.display_user_activity.actives_afterFile: includes/functions_display.php
Variables:
- $userdata -> Just as part of the set if another extension wants to meddle with it
- $active_t_row -> Based on its information and the user permission, I may need to empty it.
- $active_f_row -> I need to know the forum_id in order to apply the permission.
Before:
Code: Select all
$userdata['active_t_row'] = $active_t_row;
$userdata['active_f_row'] = $active_f_row;
Name:
core.functions_posting.load_drafts_topic_data_queryfile: includes/functions_posting.php
Variables:
- ? -> I'm not sure here. Maybe the $sql
Before:
Code: Select all
$result = $db->sql_query($sql);Name:
core.functions_posting.load_drafts_draft_list_resultsfile: includes/functions_posting.php
Variables:
- $draft -> I need topic_poster
- $link_topic -> I only act if it is a link to a topic
- $accept_row (new variable) -> I need to be able to reject a row because it failed to comply with the user's permissions
Before:
Code: Select all
$template->assign_block_vars('draftrow', array(Note: If found appropriate, this event can also only live inside the "if" when $link_topic is set to true. I just decided to place there in order to make it more reusable
Name:
core.mcp_mcp_front.mcp_front_view_queue_postid_list_afterfile: includes/mcp/mcp_front.php
Variables:
- $total -> I may need to change this number
- $post_list -> I need the posts to get to the topics to get to the topic posters
- $forum_list -> To calculate the diff with f_brunoais_can_read_others_topics list. If empty, then no action is done.
Code: Select all
if (empty($post_list))
{
$total = 0;
}
}Code: Select all
if ($total)core.mcp_mcp_front_reports_listing_query_beforefile: includes/mcp/mcp_front.php
Variables:
- $sql_ary -> In order to modify the query itself
- $forum_list -> I need to analyze the forum_list to make sure if I need to inject anything extra or not.
Code: Select all
'WHERE' => 'r.post_id = p.post_id
AND r.pm_id = 0
AND r.report_closed = 0
AND r.reason_id = rr.reason_id
AND p.topic_id = t.topic_id
AND r.user_id = u.user_id
AND p.poster_id = u2.user_id
AND ' . $db->sql_in_set('p.forum_id', $forum_list),
'ORDER_BY' => 'p.post_time DESC',
);Code: Select all
$sql = $db->sql_build_query('SELECT', $sql_ary);Name:
core.mcp_queue_!is_topics_query_beforefile: includes/mcp/mcp_queue.php
Variables:
- $sql -> Maybe add something to WHERE
- $forum_list -> Get which forums the user is looking at and I might need to analyze to make sure if I need to inject anything extra or not.
Code: Select all
OR t.topic_delete_user = 0)
$limit_time_sql
ORDER BY $sort_order_sql";Code: Select all
$result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);core.mcp_queue_is_topics_query_beforefile: includes/mcp/mcp_queue.php
Variables:
- $sql -> Maybe add something to WHERE
- $forum_list -> Get which forums the user is looking at and I might need to analyze to make sure if I need to inject anything extra or not.
Code: Select all
OR t.topic_delete_user = 0)
$limit_time_sql
ORDER BY $sort_order_sql";Code: Select all
$result = $db->sql_query($sql);Name:
core.mcp_reports_gather_query_beforefile: includes/mcp/mcp_reports.php
Variables:
- $sql -> Maybe add something to WHERE
- $forum_list -> Get which forums the user is looking at and I might need to analyze to make sure if I need to inject anything extra or not.
Code: Select all
AND t.topic_id = p.topic_id
AND r.pm_id = 0
$limit_time_sql
ORDER BY $sort_order_sql";Code: Select all
$result = $db->sql_query_limit($sql, $config['topics_per_page'], $start);Name:
core.ucp_pm_compose_compose_pm_basic_info_query_beforefile: includes/ucp/ucp_pm_compose.php
Variables:
- $sql -> Maybe column to SELECT
Code: Select all
if ($sql)
{
$result = $db->sql_query($sql);
$post = $db->sql_fetchrow($result);
$db->sql_freeresult($result);core.ucp_pm_compose_compose_pm_quotepost_query_afterfile: includes/ucp/ucp_pm_compose.php
Variables:
- $post -> Get the topic poster (the required forum_id is also inside)
Code: Select all
if (($post['forum_id'] && !$auth->acl_get('f_read', $post['forum_id'])) || (!$post['forum_id'] && !$auth->acl_getf_global('f_read')))
{
trigger_error('NOT_AUTHORISED');
}Code: Select all
// Passworded forum?
if ($post['forum_id'])
{Name:
core.mcp_global_f_read_auth_afterfile: mcp.php
Variables:
- $topic_id -> Required to get the topic poster
- $forum_id -> Required to compare towards f_brunoais_can_read_others_topics
Code: Select all
if ($forum_id && !$auth->acl_get('f_read', $forum_id))
{
trigger_error('NOT_AUTHORISED');
}Code: Select all
if ($forum_id)
{core.mcp_mcp_sorting_unapproved_deleted_posts_query_beforefile:
Variables:
- $forum_id -> See if I can get away without injecting f_brunoais_can_read_others_topics
- $topic_id -> Can be used to simplify the internal SQL query.
- $where_sql -> Required to inject the check
Code: Select all
$where_sql .= ($topic_id) ? ' p.topic_id = ' . $topic_id . ' AND' : '';Code: Select all
$sql = 'SELECT COUNT(p.post_id) AS total
FROM ' . POSTS_TABLE . ' p, ' . TOPICS_TABLE . " tcore.memberlist_viewprofile_email_query_beforefile: memberlist.php
Variables:
- $sql -> Add topic poster to the list
After:
Code: Select all
FROM ' . TOPICS_TABLE . "
WHERE topic_id = $topic_id";Code: Select all
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);core.memberlist_viewprofile_email_query_afterfile: memberlist.php
Variables:
- $row -> Gather the required info
After:
Code: Select all
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);Code: Select all
if (!$row)
{
trigger_error('NO_TOPIC');
}Name:
core.phpbb_content_visibility_get_forums_visibility_sql_beforefile: phpbb/content_visibility.php
Variables:
- $where_sql -> What I change with the result of the event
- $mode -> To know if I should do something or not
- $forum_ids -> Used to diff with f_brunoais_can_read_others_topics. If array(), nothing is done
- $table_alias -> Used so that the right table alias is used in the injection.
Code: Select all
public function get_forums_visibility_sql($mode, $forum_ids = array(), $table_alias = '')
{
$where_sql = '(';Code: Select all
$approve_forums = array_intersect($forum_ids, array_keys($this->auth->acl_getf('m_approve', true)));core.phpbb_content_visibility_get_global_visibility_sql_beforefile: phpbb/content_visibility.php
Variables:
- $where_sqls -> used to inject my extra check to the query
- $mode -> To know if I should do something or not
- $table_alias -> Used so that the right table alias is used in the injection.
Code: Select all
public function get_global_visibility_sql($mode, $exclude_forum_ids = array(), $table_alias = '')
{
$where_sqls = array();Code: Select all
$approve_forums = array_diff(array_keys($this->auth->acl_getf('m_approve', true)), $exclude_forum_ids);Name:
core.phpbb_log_log_get_logs_afterfile: phpbb/log/log.php
Variables:
- $topic_id_list -> Probably can be used to speed up the process
- $topic_auth -> used to inject my extra check to the query
- $log -> To place $log[$key]['viewtopic'] to false, when applicable
Code: Select all
$log[$key]['reportee_username_full'] = get_username_string('full', $row['reportee_id'], $reportee_data_list[$row['reportee_id']]['username'], $reportee_data_list[$row['reportee_id']]['user_colour'], false, $profile_url);
}
}Code: Select all
return $log;
}Name:
core.phpbb_log_log_get_topic_auth_sql_beforefile: phpbb/log/log.php
Variables:
- $sql -> ADD topic_poster to SELECT
Code: Select all
$sql = 'SELECT topic_id, forum_id
FROM ' . TOPICS_TABLE . '
WHERE ' . $this->db->sql_in_set('topic_id', array_map('intval', $topic_ids));Code: Select all
$result = $this->db->sql_query($sql);Name:
core.phpbb_log_log_get_topic_auth_sql_afterfile: phpbb/log/log.php
Variables:
- $forum_auth-> Add these permissions
- $row -> Where info is read from
Code: Select all
if ($this->auth->acl_get('f_read', $row['forum_id']))
{
$forum_auth['f_read'][$row['topic_id']] = $row['forum_id'];
}Code: Select all
if ($this->auth->acl_gets('a_', 'm_', $row['forum_id']))Name:
core.phpbb_notification_type_approve_topic_find_users_for_notification_middlefile: phpbb/notification/type/approve_topic.php
Variables:
- $post-> To read and, maybe, edit it
- $auth_read -> used to diff with f_brunoais_can_read_others_topics
Code: Select all
$auth_read = $this->auth->acl_get_list(array_keys($users), 'f_read', $post['forum_id']);Code: Select all
if (empty($auth_read))core.phpbb_notification_type_approve_post_find_users_for_notification_middlefile: phpbb/notification/type/approve_post.php
Variables:
- $post-> To read and, maybe, edit it
- $auth_read -> used to diff with f_brunoais_can_read_others_topics
Code: Select all
$auth_read = $this->auth->acl_get_list(array_keys($users), 'f_read', $post['forum_id']);Code: Select all
if (empty($auth_read))core.phpbb_notification_type_bookmark_find_users_for_notification_middlefile: phpbb/notification/type/approve_topic.php
Variables:
- $post-> To read and, maybe, edit it
- $auth_read -> used to diff with f_brunoais_can_read_others_topics
Code: Select all
$auth_read = $this->auth->acl_get_list(array_keys($users), 'f_read', $post['forum_id']);Code: Select all
if (empty($auth_read))core.phpbb_notification_type_post_find_users_for_notification_middlefile: phpbb/notification/type/post.php
Variables:
- $post-> To read and, maybe, edit it
- $auth_read -> used to diff with f_brunoais_can_read_others_topics
Code: Select all
$auth_read = $this->auth->acl_get_list(array_keys($users), 'f_read', $post['forum_id']);Code: Select all
if (empty($auth_read))core.phpbb_notification_type_post_in_queue_find_users_for_notification_middlefile: phpbb/notification/type/post_in_queue.php
Variables:
- $post-> To read and, maybe, edit it
- $auth_read -> used to diff with f_brunoais_can_read_others_topics
Code: Select all
$auth_read = $this->auth->acl_get_list(array_keys($users), 'f_read', $post['forum_id']);Code: Select all
if (empty($auth_read))core.phpbb_notification_type_quote_find_users_for_notification_middlefile: phpbb/notification/type/quote.php
Variables:
- $post -> To read and, maybe, edit it
- $auth_read -> used to diff with f_brunoais_can_read_others_topics
Code: Select all
$auth_read = $this->auth->acl_get_list(array_keys($users), 'f_read', $post['forum_id']);Code: Select all
if (empty($auth_read))core.phpbb_notification_type_topic_find_users_for_notification_middlefile: phpbb/notification/type/topic.php
Variables:
- $topic-> To read and, maybe, edit it
- $auth_read -> used to diff with f_brunoais_can_read_others_topics
Code: Select all
$auth_read = $this->auth->acl_get_list(array_keys($users), 'f_read', $post['forum_id']);Code: Select all
if (empty($auth_read))Name:
core.posting_f_read_afterfile: posting.php
Variables:
- $topic_id -> Used to gather the topic poster
- $forum_id -> Used to do the f_brunoais_can_read_others_topics check
Code: Select all
// Permission to do the action asked?
$is_authed = false;Name:
core.report_post_auth_middlefile: report.php
Variables:
- $report_data-> Used to gather the topic poster
- $forum_id -> Used to do the f_brunoais_can_read_others_topics check
Code: Select all
foreach ($acl_check_ary as $acl => $error);core.viewforum_shadow_topic_rowfile: viewforum.php
Variables:
- $row-> Used to gather the topic poster
- $orig_topic_id -> Used to clear up the tracks
- $rowset -> Used to clear up the tracks
- $topic_list -> Used to clear up the tracks
- $topics_count -> Used to clear up the tracks
Code: Select all
// We want to retain some values
$row = array_merge($row, array(Name:
core.viewtopic_f_read_afterfile:viewtopic.php
Variables:
- $topic_data -> Used to gather the topic poster
- $forum_id -> Used to do the f_brunoais_can_read_others_topics check
Code: Select all
// Forum is passworded ... check whether access has been granted to this
// user this session, if not show login box
if ($topic_data['forum_password'])'message.form.topic' method: check_allow().
You may see the actual places where I found the need for each event (including places where events exist and I'm just using) here: https://github.com/brunoais/phpbb3/comp ... p-can-view
Here's the main ticket for this:
https://tracker.phpbb.com/browse/PHPBB3-12799
EDIT: Changed the name from f_brunoais_read_other to f_brunoais_can_read_others_topics
