Thread: Add-On Releases - BFC-Download
View Single Post
  #150  
Old 10-07-2009, 07:17 PM
Trek Trek is offline
 
Join Date: Sep 2003
Posts: 664
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default
At the top of the \downloads.php file where access permissions are set, it looks like a copy/paste problem with permissions.

All of the permissions are set to to the "canaddfiles" permission. So if someone can add files, they can do anything, delete, etc, view, etc.

To fix:

Open \downloads.php

Find:

Code:
$canaddfiles = $permissions['bfc_download'] & $vbulletin->bf_ugp['bfc_download']['canaddfiles'];
$candeletefiles = $permissions['bfc_download'] & $vbulletin->bf_ugp['bfc_download']['canaddfiles'];
$caneditfiles = $permissions['bfc_download'] & $vbulletin->bf_ugp['bfc_download']['canaddfiles'];
$canaddimages = $permissions['bfc_download'] & $vbulletin->bf_ugp['bfc_download']['canaddfiles'];
$canviewfiles = $permissions['bfc_download'] & $vbulletin->bf_ugp['bfc_download']['canaddfiles'];
$canviewimages = $permissions['bfc_download'] & $vbulletin->bf_ugp['bfc_download']['canaddfiles'];
Replace with:

Code:
$canaddfiles = $permissions['bfc_download'] & $vbulletin->bf_ugp['bfc_download']['canaddfiles'];
$candeletefiles = $permissions['bfc_download'] & $vbulletin->bf_ugp['bfc_download']['candeletefiles'];
$caneditfiles = $permissions['bfc_download'] & $vbulletin->bf_ugp['bfc_download']['caneditfiles'];
$canaddimages = $permissions['bfc_download'] & $vbulletin->bf_ugp['bfc_download']['canaddimages'];
$canviewfiles = $permissions['bfc_download'] & $vbulletin->bf_ugp['bfc_download']['canviewfiles'];
$canviewimages = $permissions['bfc_download'] & $vbulletin->bf_ugp['bfc_download']['canviewimages'];
Reply With Quote
 
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01182 seconds
  • Memory Usage 1,766KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD_SHOWPOST
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (2)bbcode_code
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_box
  • (1)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (1)post_thanks_postbit_info
  • (1)postbit
  • (1)postbit_onlinestatus
  • (1)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • reputationlevel
  • showthread
Included Files:
  • ./showpost.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showpost_start
  • bbcode_fetch_tags
  • bbcode_create
  • postbit_factory
  • showpost_post
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • showpost_complete