From 3d9e92055fffdac66f15d391efa832c424fd17a8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rytis=20Slatkevi=C4=8Dius?= <rytis.s@gmail.com>
Date: Fri, 9 Feb 2007 21:07:51 +0000
Subject: [PATCH] Fix for the security fix (allow reading forums when logged
 out)

svn path=/trunk/boinc/; revision=12067
---
 html/inc/forum.inc         | 4 +++-
 html/user/forum_thread.php | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/html/inc/forum.inc b/html/inc/forum.inc
index 8adce7a1fe..93e359a613 100644
--- a/html/inc/forum.inc
+++ b/html/inc/forum.inc
@@ -214,8 +214,10 @@ function show_post($post, $thread, $logged_in_user, $n, $controls=FORUM_CONTROLS
     $user = $post->getOwner();
     global $no_forum_rating;
 
+    if ($logged_in_user) {
+        $tokens = url_tokens($logged_in_user->getAuthenticator());
+    }
 
-    $tokens = url_tokens($logged_in_user->getAuthenticator());
     //If the user that made this post is on the list of people to ignore, change thresholds to be much more strict
     if ($logged_in_user){
         if (in_array($user->getID(),$logged_in_user->getIgnoreList())){
diff --git a/html/user/forum_thread.php b/html/user/forum_thread.php
index df03084a2d..1e2adbba6c 100644
--- a/html/user/forum_thread.php
+++ b/html/user/forum_thread.php
@@ -18,7 +18,9 @@ if ($filter != "false"){
 }
 
 $logged_in_user = re_get_logged_in_user(false);
-$tokens = url_tokens($logged_in_user->getAuthenticator());
+if ($logged_in_user) {
+    $tokens = url_tokens($logged_in_user->getAuthenticator());
+}
 
 // Fetch the thread and increment the number of views
 $thread = new Thread($threadid);