diff -ubBr --exclude=uploads --exclude=images --exclude=images_pcf --exclude=config.php --exclude=languages --exclude=settings.php Upload/editpost.php forum/editpost.php --- Upload/editpost.php 2006-07-28 04:29:52.000000000 +0200 +++ forum/editpost.php 2006-06-30 09:58:55.000000000 +0200 @@ -73,6 +73,11 @@ { nopermission(); } +// KK: +$query = $db->query("SELECT MAX(pid) as lastpostpid FROM ".TABLE_PREFIX."posts WHERE tid='$tid'") ; +$lastpost = $db->fetch_array($query); +// KK^ + if($mybb->input['action'] == "deletepost" && $mybb->request_method == "post") { if(ismod($fid, "candeleteposts") != "yes") @@ -89,11 +94,18 @@ { nopermission(); } +// KK: + if ($lastpost['lastpostpid'] != $pid) + { + nopermission(); + } +// KK^ } } else { - if(ismod($fid, "caneditposts") != "yes") { + if(ismod($fid, "caneditposts") != "yes") + { if($thread['closed'] == "yes") { redirect("showthread.php?tid=$tid", $lang->redirect_threadclosed); } @@ -103,6 +115,12 @@ if($mybb->user['uid'] != $post['uid']) { nopermission(); } +// KK: + if ($lastpost['lastpostpid'] != $pid) + { + nopermission(); + } +// KK^ // Edit time limit $time = time(); if($mybb->settings['edittimelimit'] != 0 && $post['dateline'] < ($time-($mybb->settings['edittimelimit']*60))) diff -ubBr --exclude=uploads --exclude=images --exclude=images_pcf --exclude=config.php --exclude=languages --exclude=settings.php Upload/inc/functions_post.php forum/inc/functions_post.php --- Upload/inc/functions_post.php 2006-07-28 04:29:52.000000000 +0200 +++ forum/inc/functions_post.php 2006-08-06 12:33:09.000000000 +0200 @@ -624,12 +628,14 @@ $post['editnote'] = sprintf($lang->postbit_edited, $post['editdate'], $post['edittime']); eval("\$post['editedmsg'] = \"".$templates->get("postbit_editedby")."\";"); } - if((ismod($fid, "caneditposts") == "yes" || $mybb->user['uid'] == $post['uid']) && $mybb->user['uid'] != 0) +//KK: if((ismod($fid, "caneditposts") == "yes" || $mybb->user['uid'] == $post['uid']) && $mybb->user['uid'] != 0) + if((ismod($fid, "caneditposts") == "yes" || ($mybb->user['uid'] == $post['uid'] && $post['lastpostpid'] == $post['pid'])) && $mybb->user['uid'] != 0) { eval("\$post['button_edit'] = \"".$templates->get("postbit_edit")."\";"); } // Quick Delete button - if((ismod($fid, "candeleteposts") == "yes" || $mybb->user['uid'] == $post['uid']) && $mybb->user['uid'] != 0) +//KK: if((ismod($fid, "candeleteposts") == "yes" || $mybb->user['uid'] == $post['uid']) && $mybb->user['uid'] != 0) + if((ismod($fid, "candeleteposts") == "yes" || ($mybb->user['uid'] == $post['uid'] && $post['lastpostpid'] == $post['pid'])) && $mybb->user['uid'] != 0) { eval("\$post['button_quickdelete'] = \"".$templates->get("postbit_quickdelete")."\";"); } diff -ubBr --exclude=uploads --exclude=images --exclude=images_pcf --exclude=config.php --exclude=languages --exclude=settings.php Upload/showthread.php forum/showthread.php --- Upload/showthread.php 2006-07-28 04:29:52.000000000 +0200 +++ forum/showthread.php 2006-08-20 12:02:58.000000000 +0200 @@ -420,6 +492,10 @@ error($lang->error_invalidthread); } + // KK: + $query = $db->query("SELECT MAX(pid) as lastpostpid FROM ".TABLE_PREFIX."posts WHERE tid='$tid'") ; + $lastpost = $db->fetch_array($query); + // KK^ // Lets get the actual posts $pfirst = true; $query = $db->query("SELECT u.*, u.username AS userusername, p.*, f.*, i.path as iconpath, i.name as iconname, eu.username AS editusername FROM ".TABLE_PREFIX."posts p LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=p.uid) LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid) LEFT JOIN ".TABLE_PREFIX."icons i ON (i.iid=p.icon) LEFT JOIN ".TABLE_PREFIX."users eu ON (eu.uid=p.edituid) WHERE $pids ORDER BY p.dateline"); @@ -429,6 +505,7 @@ { $post['visible'] = 0; } + $post['lastpostpid'] = $lastpost['lastpostpid'] ; $posts .= makepostbit($post); $post = ""; $pfirst = false;