Cool_Tools/vichan
1
0
Fork 0
mirror of https://github.com/vichan-devel/vichan.git synced 2024-11-29 01:34:31 +01:00
Code Releases Wiki Activity

Don't show users boards they can't control

Browse Source
This commit is contained in:
8chan Admin 2013-10-25 01:20:23 +00:00
parent 420ad3bf4e
commit 240d044660
4 changed files with 28 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
inc/bans.php
View File

@ -154,13 +154,17 @@ class Bans {
return $ban_list;
}
static public function list_all($offset = 0, $limit = 9001) {
static public function list_all($offset = 0, $limit = 9001, $board = false) {
$offset = (int)$offset;
$limit = (int)$limit;
$query = query("SELECT ``bans``.*, `username` FROM ``bans``
LEFT JOIN ``mods`` ON ``mods``.`id` = `creator`
ORDER BY `created` DESC LIMIT $offset, $limit") or error(db_error());
$query = prepare("SELECT ``bans``.*, `username` FROM ``bans``
LEFT JOIN ``mods`` ON ``mods``.`id` = `creator`" . ($board ? ' WHERE ``bans``.`board` = :board' : '') . "
ORDER BY `created` DESC LIMIT $offset, $limit");
if ($board)
$query->bindValue(':board', $board);
$query->execute() or error(db_error());
$bans = $query->fetchAll(PDO::FETCH_ASSOC);
foreach ($bans as &$ban) {
@ -170,8 +174,10 @@ class Bans {
return $bans;
}
static public function count() {
$query = query("SELECT COUNT(*) FROM ``bans``") or error(db_error());
static public function count($board = false) {
$query = prepare("SELECT COUNT(*) FROM ``bans`` WHERE `board` = :board");
$query->bindValue(':board', $board);
$query->execute() or error(db_error());
return (int)$query->fetchColumn();
}

10
inc/mod/pages.php
View File

@ -866,7 +866,7 @@ function mod_ban() {
}
function mod_bans($page_no = 1) {
global $config;
global $config, $mod;
if ($page_no < 1)
error($config['error']['404']);
@ -892,8 +892,10 @@ function mod_bans($page_no = 1) {
header('Location: ?/bans', true, $config['redirect_http']);
return;
}
$bans = Bans::list_all(($page_no - 1) * $config['mod']['banlist_page'], $config['mod']['banlist_page']);
$board = ($mod['boards'][0] == '*' ? false : $mod['boards'][0]);
$bans = Bans::list_all(($page_no - 1) * $config['mod']['banlist_page'], $config['mod']['banlist_page'], $board);
if (empty($bans) && $page_no > 1)
error($config['error']['404']);
@ -905,7 +907,7 @@ function mod_bans($page_no = 1) {
mod_page(_('Ban list'), 'mod/ban_list.html', array(
'bans' => $bans,
'count' => Bans::count(),
'count' => Bans::count($board),
'token' => make_secure_link_token('bans')
));
}

6
templates/mod/ban_form.html
View File

@ -65,20 +65,24 @@
<th>{% trans 'Board' %}</th>
<td>
<ul style="list-style:none;padding:2px 5px">
{% if mod.boards[0] == '*' %}
<li>
<input type="radio" name="board" value="*" id="ban-allboards" checked>
<label style="display:inline" for="ban-allboards">
<em>{% trans 'all boards' %}</em>
</label>
</li>
{% endif %}
{% for board in boards %}
{% if board.uri in mod.boards or mod.boards[0] == '*' %}
<li>
<input type="radio" name="board" value="{{ board.uri }}" id="ban-board-{{ board.uri }}">
<input type="radio" name="board" value="{{ board.uri }}" id="ban-board-{{ board.uri }}" {%if board.uri == mod.boards[0]%}checked{%endif%}>
<label style="display:inline" for="ban-board-{{ board.uri }}">
{{ config.board_abbreviation|sprintf(board.uri) }} - {{ board.title|e }}
</label>
</li>
{% endif %}
{% endfor %}
</ul>
</td>

5
templates/mod/dashboard.html
View File

@ -1,3 +1,4 @@
{{ mod.type }}
<fieldset>
<legend>{% trans 'Boards' %}</legend>
@ -16,6 +17,10 @@
{{ board.subtitle|e }}
{% endif %}
</small>
{% endif %}
{% if mod.type == "20" %}
<a href="?/settings/{{ board.uri }}"><small>[{% trans 'settings' %}]</small></a>
{% endif %}
{% if mod|hasPermission(config.mod.manageboards) %}
<a href="?/edit/{{ board.uri }}"><small>[{% trans 'edit' %}]</small></a>