From 67cbc2b1aaf285c604c618de646d6d6e1e930b7a Mon Sep 17 00:00:00 2001
From: Michael Foster <savetheinternet@tinyboard.org>
Date: Sat, 20 Jul 2013 13:15:44 -0400
Subject: [PATCH] Fix permissions with search

---
 inc/mod/pages.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/inc/mod/pages.php b/inc/mod/pages.php
index 79d87ba1..cddecad0 100644
--- a/inc/mod/pages.php
+++ b/inc/mod/pages.php
@@ -252,16 +252,22 @@ function mod_search($type, $search_query_escaped, $page_no = 1) {
 	if ($type == 'IP_notes') {
 		$query = 'SELECT * FROM `ip_notes` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE ' . $sql_like . ' ORDER BY `time` DESC';
 		$sql_table = 'ip_notes';
+		if (!hasPermission($config['mod']['view_notes']) || !hasPermission($config['mod']['show_ip']))
+			error($config['error']['noaccess']);
 	}
 	
 	if ($type == 'bans') {
 		$query = 'SELECT `bans`.*, `username` FROM `bans` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE ' . $sql_like . ' ORDER BY (`expires` IS NOT NULL AND `expires` < UNIX_TIMESTAMP()), `set` DESC';
 		$sql_table = 'bans';
+		if (!hasPermission($config['mod']['view_banlist']))
+			error($config['error']['noaccess']);
 	}
 	
 	if ($type == 'log') {
 		$query = 'SELECT `username`, `mod`, `ip`, `board`, `time`, `text` FROM `modlogs` LEFT JOIN `mods` ON `mod` = `mods`.`id` WHERE ' . $sql_like . ' ORDER BY `time` DESC';
 		$sql_table = 'modlogs';
+		if (!hasPermission($config['mod']['modlog']))
+			error($config['error']['noaccess']);
 	}
 		
 	// Execute SQL query (with pages)