Greetings,
I was just wondering about pop_delete.asp...
For instance, I have deleted a reply, after reply deletion, it updates forum last topic info...
'## Forum_SQL - Get last_post and last_post_author for Forum
strSql = "SELECT TOPIC_ID, T_LAST_POST, T_LAST_POST_AUTHOR, T_LAST_POST_REPLY_ID "
strSql = strSql & " FROM " & strActivePrefix & "TOPICS "
strSql = strSql & " WHERE FORUM_ID = " & Forum_ID & " "
strSql = strSql & " ORDER BY T_LAST_POST DESC"
I feel there is something itchy there, it updates last topic even if they are not moderated yet, therefor allow people / bots try to go to an unmoderated topic from default.asp. It does not check Last Topic Status so...
So, I was thinking if it is okay to add " AND T_STATUS = 1" code there... By doing this, even though Admins/mods may not see "latest unmoderated" in main forum list, but users & bots (which are majority) will not be directed to a topic they will not see...
To Reproduce:
- Start two Topics (as user) to a First Posts Moderated Forum
- Go to the topic you started as first as admin and open it to posting. (The latest date one should be still unmoderated)
- Post a reply to first topic as user
- Delete reply
- Go to default.asp to check which topic is shown latest
Posted - 31 May 2009 : 12:31:16
