mirror of
https://github.com/vichan-devel/vichan.git
synced 2024-11-29 17:54:29 +01:00
Mod ban exploit fix
This commit is contained in:
8chan Admin
parent
0395bd3cd7
commit
1bd54fa6a8
@ -761,6 +761,14 @@ function mod_page_ip($ip) {
|
|||||||
if (!hasPermission($config['mod']['unban']))
|
if (!hasPermission($config['mod']['unban']))
|
||||||
error($config['error']['noaccess']);
|
error($config['error']['noaccess']);
|
||||||
|
|
||||||
|
$bans = Bans::find($ip);
|
||||||
|
|
||||||
|
foreach ($bans as $i => $ban) {
|
||||||
|
if ($ban['id'] == $_POST['ban_id'])
|
||||||
|
if ($mod['boards'][0] != '*' && !in_array($ban['board'], $mod['boards']))
|
||||||
|
error($config['error']['noaccess']);
|
||||||
|
}
|
||||||
|
|
||||||
Bans::delete($_POST['ban_id'], true);
|
Bans::delete($_POST['ban_id'], true);
|
||||||
|
|
||||||
header('Location: ?/IP/' . $ip . '#bans', true, $config['redirect_http']);
|
header('Location: ?/IP/' . $ip . '#bans', true, $config['redirect_http']);
|
||||||
@ -855,7 +863,7 @@ function mod_ban() {
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!in_array($_POST['board'], $mod['boards']))
|
if (!in_array($_POST['board'], $mod['boards']) && $mod['boards'][0] != '*')
|
||||||
error($config['error']['noaccess']);
|
error($config['error']['noaccess']);
|
||||||
|
|
||||||
require_once 'inc/mod/ban.php';
|
require_once 'inc/mod/ban.php';
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user