Cool_Tools/vichan
1
0
Fork 0
mirror of https://github.com/vichan-devel/vichan.git synced 2025-02-22 13:30:02 +01:00
Code Releases Wiki Activity

Add file_unlink on page delete and prevent index overwrite

Browse Source
This commit is contained in:
8chan 2015-03-28 19:34:01 -07:00
parent fe6683ee5c
commit 076b64aba4
1 changed files with 14 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
inc/mod/pages.php
View File

@ -3353,14 +3353,18 @@ function delete_page_base($page = '', $board = false) {
if ($board !== FALSE && !openBoard($board)) if ($board !== FALSE && !openBoard($board))
error($config['error']['noboard']); error($config['error']['noboard']);
if ($board) { if (preg_match('/^[a-z0-9]{1,255}$/', $page) && !preg_match('/^(index|catalog|index\+50)|(\d+)$/', $page)) {
$query = prepare('DELETE FROM ``pages`` WHERE `board` = :board AND `name` = :name'); if ($board) {
$query->bindValue(':board', ($board ? $board : NULL)); $query = prepare('DELETE FROM ``pages`` WHERE `board` = :board AND `name` = :name');
} else { $query->bindValue(':board', ($board ? $board : NULL));
$query = prepare('DELETE FROM ``pages`` WHERE `board` IS NULL AND `name` = :name'); } else {
$query = prepare('DELETE FROM ``pages`` WHERE `board` IS NULL AND `name` = :name');
}
$query->bindValue(':name', $page);
$query->execute() or error(db_error($query));
@file_unlink(($board ? ($board . '/') : '') . $page . '.html');
} }
$query->bindValue(':name', $page);
$query->execute() or error(db_error($query));
header('Location: ?/edit_pages' . ($board ? ('/' . $board) : ''), true, $config['redirect_http']); header('Location: ?/edit_pages' . ($board ? ('/' . $board) : ''), true, $config['redirect_http']);
} }
@ -3475,6 +3479,9 @@ function mod_pages($board = false) {
if (!preg_match('/^[a-z0-9]{1,255}$/', $_POST['page'])) if (!preg_match('/^[a-z0-9]{1,255}$/', $_POST['page']))
error(_('Page names must be < 255 chars and may only contain lowercase letters A-Z and digits 1-9.')); error(_('Page names must be < 255 chars and may only contain lowercase letters A-Z and digits 1-9.'));
if (preg_match('/^(index|catalog|index\+50)|(\d+)$/', $_POST['page']))
error(_('Nope.'));
foreach ($pages as $i => $p) { foreach ($pages as $i => $p) {
if ($_POST['page'] === $p['name']) if ($_POST['page'] === $p['name'])
error(_('Refusing to create a new page with the same name as an existing one.')); error(_('Refusing to create a new page with the same name as an existing one.'));