mirror of
https://github.com/vichan-devel/vichan.git
synced 2024-11-23 23:20:57 +01:00
XSS in "manage users" page (mod log)
Mod log permissions fix Tiny display change in "manage users" page
This commit is contained in:
parent
20f9dbab47
commit
3f05a9282b
17
mod.php
17
mod.php
@ -1023,6 +1023,13 @@
|
||||
$query = query("SELECT *, (SELECT `time` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `last`, (SELECT `text` FROM `modlogs` WHERE `mod` = `id` ORDER BY `time` DESC LIMIT 1) AS `action` FROM `mods` ORDER BY `type` DESC,`id`") or error(db_error());
|
||||
while($_mod = $query->fetch()) {
|
||||
$type = $_mod['type'] == JANITOR ? 'Janitor' : ($_mod['type'] == MOD ? 'Mod' : 'Admin');
|
||||
|
||||
$_mod['boards'] = explode(',', $_mod['boards']);
|
||||
foreach($_mod['boards'] as &$_board) {
|
||||
if($_board != '*')
|
||||
$_board = '/' . $_board . '/';
|
||||
}
|
||||
|
||||
$body .= '<tr>' .
|
||||
'<td>' .
|
||||
$_mod['id'] .
|
||||
@ -1037,13 +1044,15 @@
|
||||
'</td>' .
|
||||
|
||||
'<td>' .
|
||||
str_replace(',', ', ', $_mod['boards']) .
|
||||
implode(', ', $_mod['boards']) .
|
||||
'</td>' .
|
||||
|
||||
'<td>' .
|
||||
($_mod['last'] ?
|
||||
'<span title="' . utf8tohtml($_mod['action']) . '">' . ago($_mod['last']) . '</span>'
|
||||
: '<em>never</em>') .
|
||||
(hasPermission($config['mod']['modlog']) ?
|
||||
($_mod['last'] ?
|
||||
'<span title="' . str_replace('"', '"', utf8tohtml($_mod['action'])) . '">' . ago($_mod['last']) . '</span>'
|
||||
: '<em>never</em>')
|
||||
: '-') .
|
||||
'</td>' .
|
||||
|
||||
'<td style="white-space:nowrap">' .
|
||||
|
Loading…
Reference in New Issue
Block a user