diff --git a/checkin_notes b/checkin_notes index f5d5010ffd..ea10f5c8e8 100755 --- a/checkin_notes +++ b/checkin_notes @@ -4192,3 +4192,11 @@ Rom 25 Apr 2006 api/ gutil.C + +Rom 25 Apr 2006 + - Bug Fix: Hide everything about a thread if it has been closed to + prevent identity information being disclosed as part of the + subject line. + + html/user/ + forum_thread.php diff --git a/html/user/forum_thread.php b/html/user/forum_thread.php index 234ba64366..d2eafbd2eb 100644 --- a/html/user/forum_thread.php +++ b/html/user/forum_thread.php @@ -27,6 +27,14 @@ $category = getCategory($forum->category); $logged_in_user = get_logged_in_user(false); $logged_in_user = getForumPreferences($logged_in_user); + +if (($thread->hidden) && (!isSpecialUser($logged_in_user,0))) { + // Hide anything and everything about a thread if it has been closed. + // People are posting identity information in the thread subject + error_page("This thread has been hidden for administrative purposes"); +} + + $title = cleanup_title($thread->title); if ($category->is_helpdesk) { if (!$sort_style) { @@ -66,92 +74,82 @@ if ($logged_in_user) { show_forum_title($forum, $thread, $category->is_helpdesk); -if (($thread->hidden) && (!isSpecialUser($logged_in_user,0))) { - /* If the user logged in is a moderator, show him the - + * thread if he goes so far as to name it by ID like this. - + * Otherwise, hide the thread. - + */ - error_page("This thread has been hidden for administrative purposes"); +echo " +
+ id, "\"> + + + "; + +echo ""; + +echo "\n
+"; + +$link = "id; +if ($category->is_helpdesk) { + $link = $link . "&helpdesk=1#input\">Answer this question"; } else { - - echo " - - id, "\"> - - - "; - - echo ""; - - echo "\n
- "; - - $link = "id; - if ($category->is_helpdesk) { - $link = $link . "&helpdesk=1#input\">Answer this question"; - } else { - $link = $link . "#input\">Reply to this thread"; - } - - echo $link, "
"; - - if ($is_subscribed) { - if ($category->is_helpdesk) { - echo "You are subscribed to this question. "; - } else { - echo "You are subscribed to this thread. "; - } - echo "id\">Click here to unsubscribe."; - } else { - if ($category->is_helpdesk) { - echo "id\">Subscribe to this question"; - } else { - echo "id\">Subscribe to this thread"; - } - } - - if (isSpecialUser($logged_in_user,0)){ //If logged in users is moderator - echo "
id\">Delete this thread"; - if($thread->sticky) - { echo "
id\">De-sticky this thread"; } - else - { echo "
id\">Make this thread sticky"; } - } - - echo "		"; - if ($category->is_helpdesk) { - show_select_from_array("sort", $answer_sort_styles, $sort_style); - } else { - echo "Sort "; - show_select_from_array("sort", $thread_sort_styles, $sort_style); - //show_select_from_array("filter", $thread_filter_styles, $filter_min); - } - echo "\n
\n\n"; - - // Here is where the actual thread begins. - if ($category->is_helpdesk) { - $headings = array(array("Author","authorcol"), "Question",""); - } else { - $headings = array(array("Author","authorcol"), "Message",""); - } - - start_forum_table($headings, "id=\"thread\" width=100%"); - show_posts($thread, $sort_style, $filter, true, true, $category->is_helpdesk); - end_forum_table(); - - echo "

"; - - $link = "id; - if ($category->is_helpdesk) { - $link = $link . "&helpdesk=1#input\">Answer this question"; - } else { - $link = $link . "#input\">Reply to this thread"; - } - - echo $link, "
\n

"; - show_forum_title($forum, $thread, $category->is_helpdesk); - + $link = $link . "#input\">Reply to this thread"; } +echo $link, "
"; + +if ($is_subscribed) { + if ($category->is_helpdesk) { + echo "You are subscribed to this question. "; + } else { + echo "You are subscribed to this thread. "; + } + echo "id\">Click here to unsubscribe."; +} else { + if ($category->is_helpdesk) { + echo "id\">Subscribe to this question"; + } else { + echo "id\">Subscribe to this thread"; + } +} + +if (isSpecialUser($logged_in_user,0)){ //If logged in users is moderator + echo "
id\">Delete this thread"; +if($thread->sticky) +{ echo "
id\">De-sticky this thread"; } +else +{ echo "
id\">Make this thread sticky"; } +} + +echo "		"; +if ($category->is_helpdesk) { + show_select_from_array("sort", $answer_sort_styles, $sort_style); +} else { + echo "Sort "; + show_select_from_array("sort", $thread_sort_styles, $sort_style); + //show_select_from_array("filter", $thread_filter_styles, $filter_min); +} +echo "\n
\n\n"; + +// Here is where the actual thread begins. +if ($category->is_helpdesk) { + $headings = array(array("Author","authorcol"), "Question",""); +} else { + $headings = array(array("Author","authorcol"), "Message",""); +} + +start_forum_table($headings, "id=\"thread\" width=100%"); +show_posts($thread, $sort_style, $filter, true, true, $category->is_helpdesk); +end_forum_table(); + +echo "

"; + +$link = "id; +if ($category->is_helpdesk) { + $link = $link . "&helpdesk=1#input\">Answer this question"; +} else { + $link = $link . "#input\">Reply to this thread"; +} + +echo $link, "
\n

"; +show_forum_title($forum, $thread, $category->is_helpdesk); + page_tail(); ?>