- Affected App
- WoltLab Suite Forum
Prüfung auf falsche Berechtigung in der ThreadAction
Hallo zusammen,
ich habe vorhin den Fehler beim Recherchieren in der Datei ThreadAction.class.php gefunden.
Betroffene Methode ist closeAll:
PHP
public function closeAll() {
list($boards, $boardIDs) = ThreadEditor::getBoards($this->threadIDs);
// check permissions
foreach ($boards as $board) {
$board->checkModeratorPermission('canDeleteThread');
}
ThreadEditor::closeAll($this->threadIDs);
ThreadEditor::unmarkAll();
HeaderUtil::redirect($this->url);
exit;
}Korrigierte Variante:
PHP
public function closeAll() {
list($boards, $boardIDs) = ThreadEditor::getBoards($this->threadIDs);
// check permissions
foreach ($boards as $board) {
$board->checkModeratorPermission('canCloseThread');
}
ThreadEditor::closeAll($this->threadIDs);
ThreadEditor::unmarkAll();
HeaderUtil::redirect($this->url);
exit;
}