}
}
+#ifdef MESSAGE_IN_ROOM
+/*
+ * Check if a message is in the current room.
+ * This is used by CtdlFetchMessage to prevent random picking
+ * of messages from users private rooms
+ *
+ * The message list should probably be cached against the CC->room
+ */
+int CtdlMessageInRoom(long msgnum)
+{
+ visit vbuf;
+ struct cdbdata *cdbfr;
+ /* Learn about the user and room in question */
+ CtdlGetUser(&CC->user, CC->curr_user);
+ CtdlGetRelationship(&vbuf, &CC->user, &CC->room);
+
+ /* Load the message list */
+ cdbfr = cdb_fetch(CDB_MSGLISTS, &CC->room.QRnumber, sizeof(long));
+ if (cdbfr != NULL) {
+ long *msglist = NULL;
+ int num_msgs = 0;
+ int i;
+ int r = 0;
+
+ msglist = (long *) cdbfr->ptr;
+ num_msgs = cdbfr->len / sizeof(long);
+
+ /* search for message msgnum */
+ for (i=0; i<num_msgs; i++) {
+ if (msglist[i] == msgnum) {
+ r = 1;
+ break;
+ }
+ }
+
+ cdb_free(cdbfr);
+ return r;
+ } else {
+ return 0;
+ }
+}
+#endif
/*
* Load a message from disk into memory.
CtdlLogPrintf(CTDL_DEBUG, "CtdlFetchMessage(%ld, %d)\n", msgnum, with_body);
+#ifdef MESSAGE_IN_ROOM
+ if (!CtdlMessageInRoom(msgnum)) {
+ CtdlLogPrintf(CTDL_DEBUG, "Message %ld not in current room\n", msgnum);
+ return NULL;
+ }
+#endif
+
dmsgtext = cdb_fetch(CDB_MSGMAIN, &msgnum, sizeof(long));
if (dmsgtext == NULL) {
return NULL;
return(r);
}
- /* FIXME: check message id against msglist for this room */
+#ifdef MESSAGE_IN_ROOM
+ if (!CtdlMessageInRoom(msg_num)) {
+ CtdlLogPrintf(CTDL_DEBUG, "Message %ld not in current room\n", msg_num);
+ if (do_proto) cprintf("%d Can't locate msg %ld in room\n",
+ ERROR + MESSAGE_NOT_FOUND, msg_num);
+ return(om_no_such_msg);
+ }
+#endif
/*
* Fetch the message from disk. If we're in HEADERS_FAST mode,
* room. Returns a *CITADEL ERROR CODE* and puts a message in errmsgbuf, or
* returns 0 on success.
*/
-int CtdlDoIHavePermissionToPostInThisRoom(char *errmsgbuf,
- size_t n,
- const char* RemoteIdentifier,
- int PostPublic) {
+int CtdlDoIHavePermissionToPostInThisRoom(
+ char *errmsgbuf,
+ size_t n,
+ const char* RemoteIdentifier,
+ int PostPublic,
+ int is_reply
+) {
int ra;
if (!(CC->logged_in) &&
}
CtdlRoomAccess(&CC->room, &CC->user, &ra, NULL);
- if (!(ra & UA_POSTALLOWED)) {
+
+ if ( (!(ra & UA_POSTALLOWED)) && (ra & UA_REPLYALLOWED) && (!is_reply) ) {
+ /*
+ * To be thorough, we ought to check to see if the message they are
+ * replying to is actually a valid one in this room, but unless this
+ * actually becomes a problem we'll go with high performance instead.
+ */
+ snprintf(errmsgbuf, n, "You may only reply to existing messages here.");
+ return (ERROR + HIGHER_ACCESS_REQUIRED);
+ }
+
+ else if (!(ra & UA_POSTALLOWED)) {
snprintf(errmsgbuf, n, "Higher access is required to post in this room.");
return (ERROR + HIGHER_ACCESS_REQUIRED);
}
CC->room = tempQR;
/* Check permissions to send mail to this room */
- err = CtdlDoIHavePermissionToPostInThisRoom(errmsg,
- sizeof errmsg,
- RemoteIdentifier,
- Flags
+ err = CtdlDoIHavePermissionToPostInThisRoom(
+ errmsg,
+ sizeof errmsg,
+ RemoteIdentifier,
+ Flags,
+ 0 /* 0 = not a reply */
);
if (err)
{
/* first check to make sure the request is valid. */
- err = CtdlDoIHavePermissionToPostInThisRoom(errmsg, sizeof errmsg, NULL, POST_LOGGED_IN);
+ err = CtdlDoIHavePermissionToPostInThisRoom(
+ errmsg,
+ sizeof errmsg,
+ NULL,
+ POST_LOGGED_IN,
+ (!IsEmptyStr(references)) /* is this a reply? or a top-level post? */
+ );
if (err)
{
cprintf("%d %s\n", err, errmsg);
projects / citadel.git / blobdiff