I have cracked it :). It was not the simple patch (a couple of lines of code) I wanted, but it works fine.
Again insert this code after line 147 in delete_post.asp:
'/* =================================================== */
'/* Patch by theSCIENTIST on 28 October 2004            */
'/* =================================================== */
'/* This patch fixes the vulnerability in which         */
'/* a user could delete his own posts, regardless of    */
'/* whether there are replies to it or not. The author  */
'/* can still delete the post if it is the only post    */
'/* in that Topic or if it is the last post in the Topic. */
'/* Admin privileges have not been changed.             */
'/* =================================================== */
'/* If the user requesting deletion is the same as the user that posted the post to be deleted then... */
If lngDelMsgAuthorID = lngLoggedInUserID Then
    Dim ducbRS, ducbTopic, ducbDelPostDate, ducbCount, ducbLastPostDate
    '/* Start the counter at zero explicitly rather than relying on Empty + 1 */
    ducbCount = 0

    '/* This first query is only needed to determine the date of the */
    '/* post to be deleted, and to get the Topic that post belongs to */
    Set ducbRS = Server.CreateObject("ADODB.Recordset")
    strSQL = "SELECT " & strDbTable & "Thread.Thread_ID, " & strDbTable & "Thread.Topic_ID, " & strDbTable & "Thread.Author_ID, " & strDbTable & "Thread.Message_date "
    strSQL = strSQL & "FROM " & strDbTable & "Thread "
    strSQL = strSQL & "WHERE " & strDbTable & "Thread.Thread_ID=" & lngMessageID & ";"
    ducbRS.Open strSQL, adoCon
    If Not ducbRS.EOF Then
        ducbTopic = ducbRS("Topic_ID")
        ducbDelPostDate = ducbRS("Message_date")
    End If
    '/* Close recordset */
    ducbRS.Close
    Set ducbRS = Nothing

    '/* This second query gets and counts all posts belonging to the Topic in question. */
    '/* Ordered by date so that MoveLast really lands on the newest post, not on */
    '/* whatever row the database happens to return last. */
    Set ducbRS = Server.CreateObject("ADODB.Recordset")
    strSQL = "SELECT " & strDbTable & "Thread.Thread_ID, " & strDbTable & "Thread.Topic_ID, " & strDbTable & "Thread.Author_ID, " & strDbTable & "Thread.Message_date "
    strSQL = strSQL & "FROM " & strDbTable & "Thread "
    strSQL = strSQL & "WHERE " & strDbTable & "Thread.Topic_ID=" & ducbTopic & " "
    strSQL = strSQL & "ORDER BY " & strDbTable & "Thread.Message_date ASC;"
    '/* Dynamic recordset (CursorType 2 = adOpenDynamic) because we need to walk it and call MoveLast */
    ducbRS.CursorType = 2
    ducbRS.Open strSQL, adoCon
    '/* Do the counting */
    Do While Not ducbRS.EOF
        ducbCount = ducbCount + 1
        ducbRS.MoveNext
    Loop
    '/* If there is more than 1 post in this Topic then... */
    If ducbCount > 1 Then
        '/* Move to the last post and collect its date */
        ducbRS.MoveLast
        ducbLastPostDate = ducbRS("Message_date")
        '/* If the date of the post to be deleted is older than the last post, then */
        '/* there is a newer reply to the post, so do not allow the delete operation */
        If ducbDelPostDate < ducbLastPostDate Then
            blnDelete = False
        End If
    End If
    '/* Close recordset */
    ducbRS.Close
    Set ducbRS = Nothing
End If
'/* =================================================== */
I had to make 2 DB calls because the Topic_ID is not passed along from the delete request, but you can change the request to include a TID and skip the first DB query if you want.
NOTE: The parsing of this post actually disrupts the code and it may add spaces to it, so if you want to see the code ready for cut and paste I have set a text file of it here:
View code
You can see in the queries that I'm requesting the Author_ID also, even though I don't use it. This was because I wanted to make it so that if the same author posts several posts and no other author replies to it, he can delete at will; I guess I'll do this later on.
Tell me how it performs.
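The deletion rule the patch above enforces (an author may remove their own post only when nothing newer exists in the same topic), as an added example that is not part of the original post or of the forum software it patches. It follows the suggestion in the post of folding the two lookups into a single statement, uses a parameterised query, and adds a small constructed data set to exercise the only-post, last-post, newer-reply and not-the-author cases. The table name Thread and its columns come from the patch's SQL; the SQLite schema, the sample rows, the `can_author_delete` and `build_sample_db` names and the "deny when the post does not exist" choice are assumptions made for this example.

```python
"""Author-initiated post deletion check, modelled on the forum patch above.

Added example, not the forum's own code. Assumed: a SQLite table named Thread
with the columns the patch queries (Thread_ID, Topic_ID, Author_ID,
Message_date); the real forum prefixes the table name (strDbTable).
"""
import sqlite3
from datetime import datetime, timedelta

# Assumed schema for the example; Message_date is stored as ISO 8601 text so
# that string comparison matches chronological order.
SCHEMA = """
CREATE TABLE Thread (
    Thread_ID    INTEGER PRIMARY KEY,
    Topic_ID     INTEGER NOT NULL,
    Author_ID    INTEGER NOT NULL,
    Message_date TEXT    NOT NULL
);
"""


def can_author_delete(conn, message_id, logged_in_user_id):
    """Return True only if logged_in_user_id wrote the post AND no post in the
    same topic is newer than it (so it is the only post or the last post).

    The patch's two recordsets are folded into one parameterised statement:
    the subquery counts replies newer than the post being deleted, which is
    exactly the "ducbDelPostDate < ducbLastPostDate" test, without having to
    walk the whole topic. Admin privileges are not handled here, as in the patch.
    """
    row = conn.execute(
        """
        SELECT t.Author_ID,
               (SELECT COUNT(*) FROM Thread r
                 WHERE r.Topic_ID = t.Topic_ID
                   AND r.Message_date > t.Message_date) AS newer_replies
          FROM Thread t
         WHERE t.Thread_ID = ?
        """,
        (message_id,),
    ).fetchone()
    if row is None:
        return False  # unknown post: deny rather than guess (example's choice)
    author_id, newer_replies = row
    if author_id != logged_in_user_id:
        return False  # server-side ownership check; never trust the client for this
    return newer_replies == 0


def build_sample_db():
    """Constructed sample data (not from the post): topic 1 holds three posts
    by two authors, topic 2 holds a single post."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    base = datetime(2004, 10, 28, 12, 0, 0)
    rows = [
        (1, 1, 100, base),                            # author 100 opens topic 1
        (2, 1, 200, base + timedelta(minutes=5)),     # author 200 replies
        (3, 1, 100, base + timedelta(minutes=9)),     # author 100 replies (last post)
        (4, 2, 300, base + timedelta(hours=1)),       # lone post in topic 2
    ]
    conn.executemany(
        "INSERT INTO Thread VALUES (?, ?, ?, ?)",
        [(tid, topic, author, when.isoformat()) for tid, topic, author, when in rows],
    )
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    for msg, user in [(1, 100), (3, 100), (2, 200), (4, 300), (3, 200), (99, 100)]:
        print(f"post {msg}, user {user}: delete allowed = {can_author_delete(db, msg, user)}")
```

Two design points carry over from the patch: the rule is evaluated on the server from the stored Author_ID and dates, so a client that submits someone else's message id still gets the ownership check applied, and the comparison is strict (`>`), so a reply with an identical timestamp does not count as newer, the same behaviour as the patch's `ducbDelPostDate < ducbLastPostDate`.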