Bug #3044 » 3044-pt2.patch
| components/com_comprofiler/plugin/user/plug_pms_mypmspro/pms.mypmspro.php | ||
|---|---|---|
|
if ( cbGetParam( $_POST, $this->_getPagingParamName("sndnewmsg") ) == _UE_PM_SENDMESSAGE ) {
|
||
|
$sender = $this->_getReqParam("sender", null);
|
||
|
$recip = $this->_getReqParam("recip", null);
|
||
|
if ( $sender && $recip && ( $sender == $_CB_framework->myId() ) && ( $recip == $user->id ) && ( allowAccess( $ueConfig['allow_profileviewbyGID'], 'RECURSE', userGID( $_CB_framework->myId() ) ) ) ) {
|
||
|
if ( $sender && $recip && ( $sender == $_CB_framework->myId() ) && ( $recip == $user->id ) && ( allowAccess( $ueConfig['allow_profileviewbyGID'], 'RECURSE', $_CB_framework->acl->get_groups_below_me( null, true ) ) ) ) {
|
||
|
cbSpoofCheck( 'pms' );
|
||
|
$newsub = htmlspecialchars($this->_getReqParam("newsub", null)); //urldecode done in _getReqParam
|
||
|
if($pmsType=='3' || $pmsType=='4') {
|
||