I found a better way to do it. Scrap the last idea and instead change the following in forum/createtopic.php:
Text Formatted Code
// NEW TOPIC OR REPLY
if(($method == 'newtopic' || $method == 'postreply' || $method == 'edit') OR ($preview == "Preview")) {
// Changed to not allow users to edit posts in locked topics.
$pid = 0;
if ($method == 'edit') {
$query = DB_query("SELECT pid FROM {$_TABLES['gf_topic']} WHERE id=$id");
$S = DB_fetchArray($query);
$pid = $S['pid'];
}
if (($method == 'postreply' && DB_getItem($_TABLES['gf_topic'],"locked","id=$id") == 1) ||
($method == 'edit' && (DB_getItem($_TABLES['gf_topic'],"locked","id=$pid") == 1 ||
DB_getItem($_TABLES['gf_topic'],"locked","id=$id")))) {
...
Unfortunately, it requires an extra database query, but it seemed to be the only way to get the id for the entire topic. I could have passed it in via the "Edit" link, but again, someone could then modify just that number in the link to circumvent the permissions check.