MantisBT - v3.0 Release
View Issue Details
0001036v3.0 Release[All Projects] Generalpublic2011-12-17 12:172013-08-28 11:21
Reporterproject_manager 
Assigned Tocaseydk 
PrioritynormalSeverityblockReproducibilityrandom
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version 
Target VersionFixed in Version3.0.0 
Summary0001036: "view pdf file" in Forum is blocked by "denied access ..." even if Admin
Descriptionlogical bug in ..\modules\forums\view_pdf.php in ALL versions (2.3.1 ...)

change this line:
//if (!$perms->checkModuleItem('forums', 'view', $message_id)) {

to:
if (!$perms->checkModuleItem('forums', 'view', $forum_id)) {

Permission is checked on the forum list, so "$forum_id" have to be used.

Randomly works/not work, because:

e.g. if forum_id: 1,2,3,4 (4x Forum topics are created)

if:
a) message_id: 10 (to pdf viewed) ---> permission check failed
b) message_id: 1,2,3,4 (in same range as forum_id) ---> ok.


  
TagsNo tags attached.
Attached Files

Notes
(0002356)
sasquatch58   
2011-12-17 14:38   
Other possibility is to drop the message_id altogether as:

$perms = &$AppUI->acl();
$canView = $perms->checkModuleItem($m, 'view');
if (!$canView) {
   $AppUI->redirect('m=public&a=access_denied');
}
(0002359)
caseydk   
2011-12-22 20:59   
Resolved in r2260 as described;

Issue History
2011-12-17 12:17project_managerNew Issue
2011-12-17 14:38sasquatch58Note Added: 0002356
2011-12-19 23:50caseydkStatusnew => assigned
2011-12-19 23:50caseydkAssigned To => caseydk
2011-12-22 20:59caseydkNote Added: 0002359
2011-12-22 20:59caseydkStatusassigned => resolved
2011-12-22 20:59caseydkResolutionopen => fixed
2013-08-28 11:14caseydkFixed in Version => 3.0.0
2013-08-28 11:21caseydkStatusresolved => closed