@@ -315,6 +315,7 @@ function main($id, $mode)
315315 case 'apply_permissions ' :
316316 if (!isset ($ _POST ['setting ' ]))
317317 {
318+ send_status_line (403 , 'Forbidden ' );
318319 trigger_error ($ user ->lang ['NO_AUTH_SETTING_FOUND ' ] . adm_back_link ($ this ->u_action ), E_USER_WARNING );
319320 }
320321 if (!check_form_key ($ form_name ))
@@ -328,6 +329,7 @@ function main($id, $mode)
328329 case 'apply_all_permissions ' :
329330 if (!isset ($ _POST ['setting ' ]))
330331 {
332+ send_status_line (403 , 'Forbidden ' );
331333 trigger_error ($ user ->lang ['NO_AUTH_SETTING_FOUND ' ] . adm_back_link ($ this ->u_action ), E_USER_WARNING );
332334 }
333335 if (!check_form_key ($ form_name ))
@@ -687,6 +689,7 @@ function set_permissions($mode, $permission_type, &$auth_admin, &$user_id, &$gro
687689 // Check the permission setting again
688690 if (!$ auth ->acl_get ('a_ ' . str_replace ('_ ' , '' , $ permission_type ) . 'auth ' ) || !$ auth ->acl_get ('a_auth ' . $ ug_type . 's ' ))
689691 {
692+ send_status_line (403 , 'Forbidden ' );
690693 trigger_error ($ user ->lang ['NO_AUTH_OPERATION ' ] . adm_back_link ($ this ->u_action ), E_USER_WARNING );
691694 }
692695
@@ -772,6 +775,7 @@ function set_all_permissions($mode, $permission_type, &$auth_admin, &$user_id, &
772775 // Check the permission setting again
773776 if (!$ auth ->acl_get ('a_ ' . str_replace ('_ ' , '' , $ permission_type ) . 'auth ' ) || !$ auth ->acl_get ('a_auth ' . $ ug_type . 's ' ))
774777 {
778+ send_status_line (403 , 'Forbidden ' );
775779 trigger_error ($ user ->lang ['NO_AUTH_OPERATION ' ] . adm_back_link ($ this ->u_action ), E_USER_WARNING );
776780 }
777781
@@ -884,6 +888,7 @@ function remove_permissions($mode, $permission_type, &$auth_admin, &$user_id, &$
884888 // Check the permission setting again
885889 if (!$ auth ->acl_get ('a_ ' . str_replace ('_ ' , '' , $ permission_type ) . 'auth ' ) || !$ auth ->acl_get ('a_auth ' . $ ug_type . 's ' ))
886890 {
891+ send_status_line (403 , 'Forbidden ' );
887892 trigger_error ($ user ->lang ['NO_AUTH_OPERATION ' ] . adm_back_link ($ this ->u_action ), E_USER_WARNING );
888893 }
889894
0 commit comments