From 1ecf764bb782f75f892ef283c18d8c15e141b2fa Mon Sep 17 00:00:00 2001
From: Baoshuo <i@baoshuo.ren>
Date: Mon, 3 Oct 2022 09:35:29 +0800
Subject: [PATCH] fix: return 403 if problem is used in a registered running
 contest

---
 web/app/controllers/subdomain/blog/blog.php | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/web/app/controllers/subdomain/blog/blog.php b/web/app/controllers/subdomain/blog/blog.php
index 83fc606..d61ab83 100644
--- a/web/app/controllers/subdomain/blog/blog.php
+++ b/web/app/controllers/subdomain/blog/blog.php
@@ -12,6 +12,17 @@
 		become403Page();
 	}
 
+	$solutions = DB::selectAll("select * from problems_solutions where blog_id = {$blog['id']}");
+	if ($solutions) {
+		foreach ($solutions as $solution) {
+			$problem = queryProblemBrief($solution['problem_id']);
+
+			if (!hasProblemPermission($myUser, $problem) && isRegisteredRunningContestProblem($myUser, $problem)) {
+				become403Page();
+			}
+		}
+	}
+
 	if (!isset($_COOKIE['bootstrap4'])) {
 		$REQUIRE_LIB['bootstrap5'] = '';
 	}