From: Marcel Werk
Date: Thu, 6 Jun 2013 15:46:54 +0000 (+0200)
Subject: Added missing permission check
X-Git-Tag: 2.0.0_Beta_4~117
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=9d57227141f2407453f01aa0102339834bc3275b;p=GitHub%2FWoltLab%2FWCF.git

Added missing permission check
---

diff --git a/wcfsetup/install/files/lib/system/user/activity/event/ProfileCommentResponseUserActivityEvent.class.php b/wcfsetup/install/files/lib/system/user/activity/event/ProfileCommentResponseUserActivityEvent.class.php
index f9efe4805b..81cf038969 100644
--- a/wcfsetup/install/files/lib/system/user/activity/event/ProfileCommentResponseUserActivityEvent.class.php
+++ b/wcfsetup/install/files/lib/system/user/activity/event/ProfileCommentResponseUserActivityEvent.class.php
@@ -22,40 +22,43 @@ class ProfileCommentResponseUserActivityEvent extends SingletonFactory implement
 * @see wcf\system\user\activity\event\IUserActivityEvent::prepare()
 */
 public function prepare(array $events) {
- $responseIDs = array();
- foreach ($events as $event) {
- $responseIDs[] = $event->objectID;
- }
-
- // fetch responses
- $responseList = new CommentResponseList();
- $responseList->getConditionBuilder()->add("comment_response.responseID IN (?)", array($responseIDs));
- $responseList->readObjects();
- $responses = $responseList->getObjects();
-
- // fetch comments
- $commentIDs = $comments = array();
- foreach ($responses as $response) {
- $commentIDs[] = $response->commentID;
- }
- if (!empty($commentIDs)) {
- $commentList = new CommentList();
- $commentList->getConditionBuilder()->add("comment.commentID IN (?)", array($commentIDs));
- $commentList->readObjects();
- $comments = $commentList->getObjects();
- }
+ $responses = $responseIDs = array();
- // fetch users
- $userIDs = $users = array();
- foreach ($comments as $comment) {
- $userIDs[] = $comment->objectID;
- $userIDs[] = $comment->userID;
- }
- if (!empty($userIDs)) {
- $userList = new UserProfileList();
- $userList->getConditionBuilder()->add("user_table.userID IN (?)", array($userIDs));
- $userList->readObjects();
- $users = $userList->getObjects();
+ if (WCF::getSession()->getPermission('user.profile.canViewUserProfile')) {
+ foreach ($events as $event) {
+ $responseIDs[] = $event->objectID;
+ }
+
+ // fetch responses
+ $responseList = new CommentResponseList();
+ $responseList->getConditionBuilder()->add("comment_response.responseID IN (?)", array($responseIDs));
+ $responseList->readObjects();
+ $responses = $responseList->getObjects();
+
+ // fetch comments
+ $commentIDs = $comments = array();
+ foreach ($responses as $response) {
+ $commentIDs[] = $response->commentID;
+ }
+ if (!empty($commentIDs)) {
+ $commentList = new CommentList();
+ $commentList->getConditionBuilder()->add("comment.commentID IN (?)", array($commentIDs));
+ $commentList->readObjects();
+ $comments = $commentList->getObjects();
+ }
+
+ // fetch users
+ $userIDs = $users = array();
+ foreach ($comments as $comment) {
+ $userIDs[] = $comment->objectID;
+ $userIDs[] = $comment->userID;
+ }
+ if (!empty($userIDs)) {
+ $userList = new UserProfileList();
+ $userList->getConditionBuilder()->add("user_table.userID IN (?)", array($userIDs));
+ $userList->readObjects();
+ $users = $userList->getObjects();
+ }
 }
 // set message
diff --git a/wcfsetup/install/files/lib/system/user/activity/event/ProfileCommentUserActivityEvent.class.php b/wcfsetup/install/files/lib/system/user/activity/event/ProfileCommentUserActivityEvent.class.php
index fbbd94ed7f..0ba8b1d51d 100644
--- a/wcfsetup/install/files/lib/system/user/activity/event/ProfileCommentUserActivityEvent.class.php
+++ b/wcfsetup/install/files/lib/system/user/activity/event/ProfileCommentUserActivityEvent.class.php
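Review bot: In ProfileCommentResponseUserActivityEvent::prepare() the arrays `$comments` and `$users` are now assigned only inside the `if (WCF::getSession()->getPermission('user.profile.canViewUserProfile'))` block, while only `$responses` and `$responseIDs` are initialised before it. The code after `// set message` lies outside the hunk, so this cannot be confirmed here, but if it reads either array for a viewer without the permission it will hit an undefined variable instead of a clean "nothing to show" result. Initialising everything before the guard, `$comments = $responses = $responseIDs = $users = array();`, keeps the denied path well defined; the second hunk (ProfileCommentUserActivityEvent::prepare()) has the same gap for `$users`. A short comment above the guard stating that viewers without the permission get no comment data loaded would also make the access decision explicit.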
@@ -21,27 +21,30 @@ class ProfileCommentUserActivityEvent extends SingletonFactory implements IUserA
 * @see wcf\system\user\activity\event\IUserActivityEvent::prepare()
 */
 public function prepare(array $events) {
- $comentIDs = array();
- foreach ($events as $event) {
- $comentIDs[] = $event->objectID;
- }
-
- // fetch comments
- $commentList = new CommentList();
- $commentList->getConditionBuilder()->add("comment.commentID IN (?)", array($comentIDs));
- $commentList->readObjects();
- $comments = $commentList->getObjects();
+ $comments = $comentIDs = array();
- // fetch users
- $userIDs = $users = array();
- foreach ($comments as $comment) {
- $userIDs[] = $comment->objectID;
- }
- if (!empty($userIDs)) {
- $userList = new UserProfileList();
- $userList->getConditionBuilder()->add("user_table.userID IN (?)", array($userIDs));
- $userList->readObjects();
- $users = $userList->getObjects();
+ if (WCF::getSession()->getPermission('user.profile.canViewUserProfile')) {
+ foreach ($events as $event) {
+ $comentIDs[] = $event->objectID;
+ }
+
+ // fetch comments
+ $commentList = new CommentList();
+ $commentList->getConditionBuilder()->add("comment.commentID IN (?)", array($comentIDs));
+ $commentList->readObjects();
+ $comments = $commentList->getObjects();
+
+ // fetch users
+ $userIDs = $users = array();
+ foreach ($comments as $comment) {
+ $userIDs[] = $comment->objectID;
+ }
+ if (!empty($userIDs)) {
+ $userList = new UserProfileList();
+ $userList->getConditionBuilder()->add("user_table.userID IN (?)", array($userIDs));
+ $userList->readObjects();
+ $users = $userList->getObjects();
+ }
 }
 // set message
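Review bot: The misspelled local `$comentIDs` is carried over unchanged into every re-indented line of ProfileCommentUserActivityEvent::prepare(), although the sibling class in the first hunk spells the same kind of list `$commentIDs`. Since these lines are rewritten anyway, renaming it here (`$comments = $commentIDs = array();`, `$commentIDs[] = $event->objectID;`, and the `array($commentIDs)` argument) would keep the two event classes consistent and make the guarded block easier to compare during review. The method continues past `// set message`, outside this hunk.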