fix: return 403 if problem is used in a registered running contest

web/app/controllers/problem_solutions.php

@@ -10,11 +10,15 @@
 		become404Page();
 	}
 
+	if (!isProblemVisibleToUser($problem, $myUser)) {
+		become404Page();
+	}
+
 	$problem_extra_config = getProblemExtraConfig($problem);
 	$solution_viewable = hasViewSolutionPermission($problem_extra_config['view_solution_type'], $myUser, $problem);
 	$solution_submittable = hasViewSolutionPermission($problem_extra_config['submit_solution_type'], $myUser, $problem);
 
-	if (!$solution_viewable) {
+	if (!$solution_viewable || isRegisteredRunningContestProblem($myUser, $problem)) {
 		become403Page();
 	}
 

web/app/controllers/problem_statistics.php

@@ -21,6 +21,10 @@
 		if (!isNormalUser($myUser)) {
 			become403Page();
 		}
+
+		if (isRegisteredRunningContestProblem($myUser, $problem)) {
+			become403Page();
+		}
 	}
 
 	function scoreDistributionData() {

web/app/controllers/submission.php

@@ -29,7 +29,8 @@
 			become403Page();
 		}
 	}
-	if (!isSubmissionVisibleToUser($submission, $problem, $myUser)) {
+
+	if (!isSubmissionVisibleToUser($submission, $problem, $myUser) || isRegisteredRunningContestProblem($myUser, $problem)) {
 		become403Page();
 	}
 	

web/app/libs/uoj-query-lib.php

@@ -245,6 +245,22 @@ function isHackFullVisibleToUser($hack, $contest, $problem, $user) {
 	}
 }
 
+function isRegisteredRunningContestProblem($user, $problem) {
+	$result = DB::query("select contest_id from contests_problems where problem_id = {$problem['id']}");
+	while (list($contest_id) = DB::fetch($result, MYSQLI_NUM)) {
+		$contest = queryContest($contest_id);
+		genMoreContestInfo($contest);
+		if (CONTEST_NOT_STARTED < $contest['cur_progress'] && $contest['cur_progress'] <= CONTEST_IN_PROGRESS
+			&& hasRegistered($user, $contest)
+			&& !hasContestPermission($user, $contest)
+			&& queryContestProblemRank($contest, $problem)) {
+			return true;
+		}
+	}
+
+	return false;
+}
+
 function deleteBlog($id) {
 	if (!validateUInt($id)) {
 		return;