[ticket/10650]Added permission checking and utf8 functions

Passworded forums and ones in which user doesn't have
read access will be excluded. Also uft8 based string functions and
html encode/decode functions have been used to sanitise subject.

PHPBB3-10650

phpBB/includes/functions_display.php

@@ -397,9 +397,9 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 		if ($row['forum_last_post_id'])
 		{
 			$last_post_subject = $row['forum_last_post_subject'];
-			if (strlen($last_post_subject) > 30)
-					{
-						$last_post_subject = substr($last_post_subject, 0, 30);
+			if (utf8_strlen(htmlspecialchars_decode($last_post_subject)) > 30)
+					{	
+						$last_post_subject = htmlspecialchars(utf8_substr(htmlspecialchars_decode($last_post_subject, 0, 30)));
 						$last_post_subject .= '...';
 					}
 			$last_post_time = $user->format_date($row['forum_last_post_time']);
@@ -456,7 +456,7 @@ function display_forums($root_data = '', $display_moderators = true, $return_mod
 			'S_LOCKED_FORUM'	=> ($row['forum_status'] == ITEM_LOCKED) ? true : false,
 			'S_LIST_SUBFORUMS'	=> ($row['display_subforum_list']) ? true : false,
 			'S_SUBFORUMS'		=> (sizeof($subforums_list)) ? true : false,
-			'S_DISPLAY_SUBJECT'	=>	($row['display_last_subject']) ? true : false,
+			'S_DISPLAY_SUBJECT'	=>	($row['display_last_subject'] && !$row['forum_password'] && $auth->acl_get('f_read', $row['forum_id'])) ? true : false,
 			'S_FEED_ENABLED'	=> ($config['feed_forum'] && !phpbb_optionget(FORUM_OPTION_FEED_EXCLUDE, $row['forum_options']) && $row['forum_type'] == FORUM_POST) ? true : false,
 
 			'FORUM_ID'				=> $row['forum_id'],