Allow Unicode in board URIs.
parent
3bee1ba4fd
commit
42cba53887
@ -1130,6 +1130,9 @@
|
|||||||
// 'type' => 'scp'
|
// 'type' => 'scp'
|
||||||
//);
|
//);
|
||||||
|
|
||||||
|
// Regex for board URIs
|
||||||
|
$config['board_regex'] = '[0-9a-zA-Z$_\x{0080}-\x{FFFF}]{1,58}';
|
||||||
|
|
||||||
// Complex regular expression to catch URLs
|
// Complex regular expression to catch URLs
|
||||||
$config['url_regex'] = '/' . '(https?|ftp):\/\/' . '(([\w\-]+\.)+[a-zA-Z]{2,6}|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' . '(:\d+)?' . '(\/([\w\-~.#\/?=&;:+%!*\[\]@$\'()+,|\^]+)?)?' . '/';
|
$config['url_regex'] = '/' . '(https?|ftp):\/\/' . '(([\w\-]+\.)+[a-zA-Z]{2,6}|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' . '(:\d+)?' . '(\/([\w\-~.#\/?=&;:+%!*\[\]@$\'()+,|\^]+)?)?' . '/';
|
||||||
|
|
||||||
|
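Review bot: The new `$config['board_regex']` default admits every code point from U+0080 to U+FFFF, which takes in the C1 controls, zero-width and bidirectional formatting characters and non-ASCII whitespace, so two board URIs can look identical on screen while being different strings. The other hunks in this commit put the matched value into URLs, `href` attributes and column values, so the class would be safer if it excluded the control, format and separator categories (`\p{C}`, `\p{Z}`) while staying within the U+FFFF bound that the 3-byte `utf8` columns in install.sql require. The comment above the setting should also state how the value is meant to be used, e.g. `// Fragment only: no delimiters or anchors; callers must wrap it and compile with the u modifier`.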
@ -235,7 +235,7 @@ function bidi_cleanup($str){
|
|||||||
function secure_link_confirm($text, $title, $confirm_message, $href) {
|
function secure_link_confirm($text, $title, $confirm_message, $href) {
|
||||||
global $config;
|
global $config;
|
||||||
|
|
||||||
return '<a onclick="if (event.which==2) return true;if (confirm(\'' . htmlentities(addslashes($confirm_message)) . '\')) document.location=\'?/' . htmlentities(addslashes($href . '/' . make_secure_link_token($href))) . '\';return false;" title="' . htmlentities($title) . '" href="?/' . $href . '">' . $text . '</a>';
|
return '<a onclick="if (event.which==2) return true;if (confirm(\'' . htmlentities(addslashes($confirm_message)) . '\')) document.location=\'?/' . htmlspecialchars(addslashes($href . '/' . make_secure_link_token($href))) . '\';return false;" title="' . htmlentities($title) . '" href="?/' . $href . '">' . $text . '</a>';
|
||||||
}
|
}
|
||||||
function secure_link($href) {
|
function secure_link($href) {
|
||||||
return $href . '/' . make_secure_link_token($href);
|
return $href . '/' . make_secure_link_token($href);
|
||||||
@ -299,7 +299,7 @@ class Post {
|
|||||||
// Fix internal links
|
// Fix internal links
|
||||||
// Very complicated regex
|
// Very complicated regex
|
||||||
$this->body = preg_replace(
|
$this->body = preg_replace(
|
||||||
'/<a((([a-zA-Z]+="[^"]+")|[a-zA-Z]+=[a-zA-Z]+|\s)*)href="' . preg_quote($config['root'], '/') . '(' . sprintf(preg_quote($config['board_path'], '/'), '\w+') . ')/',
|
'/<a((([a-zA-Z]+="[^"]+")|[a-zA-Z]+=[a-zA-Z]+|\s)*)href="' . preg_quote($config['root'], '/') . '(' . sprintf(preg_quote($config['board_path'], '/'), $config['board_regex']) . ')/u',
|
||||||
'<a $1href="?/$4',
|
'<a $1href="?/$4',
|
||||||
$this->body
|
$this->body
|
||||||
);
|
);
|
||||||
@ -398,7 +398,7 @@ class Thread {
|
|||||||
// Fix internal links
|
// Fix internal links
|
||||||
// Very complicated regex
|
// Very complicated regex
|
||||||
$this->body = preg_replace(
|
$this->body = preg_replace(
|
||||||
'/<a((([a-zA-Z]+="[^"]+")|[a-zA-Z]+=[a-zA-Z]+|\s)*)href="' . preg_quote($config['root'], '/') . '(' . sprintf(preg_quote($config['board_path'], '/'), '\w+') . ')/',
|
'/<a((([a-zA-Z]+="[^"]+")|[a-zA-Z]+=[a-zA-Z]+|\s)*)href="' . preg_quote($config['root'], '/') . '(' . sprintf(preg_quote($config['board_path'], '/'), $config['board_regex']) . ')/u',
|
||||||
'<a $1href="?/$4',
|
'<a $1href="?/$4',
|
||||||
$this->body
|
$this->body
|
||||||
);
|
);
|
||||||
|
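Review bot: With the `u` modifier added to the internal-link pattern in the Post hunk, `preg_replace()` returns null when `$this->body` is not valid UTF-8, and that result is assigned straight back to `$this->body`, so such a post would lose its body. The Thread hunk has the same assignment. Going through a temporary keeps the old body on failure: `$fixed = preg_replace(...); if ($fixed !== null) $this->body = $fixed;`. The enclosing methods start and end outside the hunks, so whether the body is validated earlier cannot be seen from here.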
@ -98,18 +98,18 @@ function loadConfig() {
|
|||||||
'https?:\/\/' . $_SERVER['HTTP_HOST']) .
|
'https?:\/\/' . $_SERVER['HTTP_HOST']) .
|
||||||
preg_quote($config['root'], '/') .
|
preg_quote($config['root'], '/') .
|
||||||
'(' .
|
'(' .
|
||||||
str_replace('%s', '\w+', preg_quote($config['board_path'], '/')) .
|
str_replace('%s', $config['board_regex'], preg_quote($config['board_path'], '/')) .
|
||||||
'(' .
|
'(' .
|
||||||
preg_quote($config['file_index'], '/') . '|' .
|
preg_quote($config['file_index'], '/') . '|' .
|
||||||
str_replace('%d', '\d+', preg_quote($config['file_page'])) .
|
str_replace('%d', '\d+', preg_quote($config['file_page'])) .
|
||||||
')?' .
|
')?' .
|
||||||
'|' .
|
'|' .
|
||||||
str_replace('%s', '\w+', preg_quote($config['board_path'], '/')) .
|
str_replace('%s', $config['board_regex'], preg_quote($config['board_path'], '/')) .
|
||||||
preg_quote($config['dir']['res'], '/') .
|
preg_quote($config['dir']['res'], '/') .
|
||||||
str_replace('%d', '\d+', preg_quote($config['file_page'], '/')) .
|
str_replace('%d', '\d+', preg_quote($config['file_page'], '/')) .
|
||||||
'|' .
|
'|' .
|
||||||
preg_quote($config['file_mod'], '/') . '\?\/.+' .
|
preg_quote($config['file_mod'], '/') . '\?\/.+' .
|
||||||
')([#?](.+)?)?$/i';
|
')([#?](.+)?)?$/ui';
|
||||||
} else {
|
} else {
|
||||||
// CLI mode
|
// CLI mode
|
||||||
$config['referer_match'] = '//';
|
$config['referer_match'] = '//';
|
||||||
@ -1468,7 +1468,7 @@ function markup(&$body, $track_cites = false) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Cross-board linking
|
// Cross-board linking
|
||||||
if (preg_match_all('/(^|\s)>>>\/(\w+?)\/(\d+)?([\s,.)?]|$)/m', $body, $cites, PREG_SET_ORDER | PREG_OFFSET_CAPTURE)) {
|
if (preg_match_all('/(^|\s)>>>\/(' . $config['board_regex'] . 'f?)\/(\d+)?([\s,.)?]|$)/um', $body, $cites, PREG_SET_ORDER | PREG_OFFSET_CAPTURE)) {
|
||||||
if (count($cites[0]) > $config['max_cites']) {
|
if (count($cites[0]) > $config['max_cites']) {
|
||||||
error($config['error']['toomanycross']);
|
error($config['error']['toomanycross']);
|
||||||
}
|
}
|
||||||
|
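Review bot: In the markup() hunk the cross-board capture is built as `$config['board_regex'] . 'f?'`, and the trailing `f?` has no counterpart in the old `\w+?` pattern; it looks like a stray keystroke. As written, the capture can be one character longer than the 58 the board regex allows whenever that extra character is `f`, so a cite can name a URI that the creation check in mod_new_board() would reject. Unless the suffix is intentional, the group should read `(' . $config['board_regex'] . ')`. markup() begins and ends outside the hunk.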
@ -443,7 +443,7 @@ function mod_new_board() {
|
|||||||
if ($_POST['title'] == '')
|
if ($_POST['title'] == '')
|
||||||
error(sprintf($config['error']['required'], 'title'));
|
error(sprintf($config['error']['required'], 'title'));
|
||||||
|
|
||||||
if (!preg_match('/^\w+$/', $_POST['uri']))
|
if (!preg_match('/^' . $config['board_regex'] . '$/u', $_POST['uri']))
|
||||||
error(sprintf($config['error']['invalidfield'], 'URI'));
|
error(sprintf($config['error']['invalidfield'], 'URI'));
|
||||||
|
|
||||||
if (openBoard($_POST['uri'])) {
|
if (openBoard($_POST['uri'])) {
|
||||||
@ -746,7 +746,6 @@ function mod_page_ip($ip) {
|
|||||||
openBoard($board['uri']);
|
openBoard($board['uri']);
|
||||||
if (!hasPermission($config['mod']['show_ip'], $board['uri']))
|
if (!hasPermission($config['mod']['show_ip'], $board['uri']))
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
$query = prepare(sprintf('SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `id` DESC LIMIT :limit', $board['uri']));
|
$query = prepare(sprintf('SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `id` DESC LIMIT :limit', $board['uri']));
|
||||||
$query->bindValue(':ip', $ip);
|
$query->bindValue(':ip', $ip);
|
||||||
$query->bindValue(':limit', $config['mod']['ip_recentposts'], PDO::PARAM_INT);
|
$query->bindValue(':limit', $config['mod']['ip_recentposts'], PDO::PARAM_INT);
|
||||||
@ -1420,7 +1419,7 @@ function mod_user($uid) {
|
|||||||
|
|
||||||
$boards = array();
|
$boards = array();
|
||||||
foreach ($_POST as $name => $value) {
|
foreach ($_POST as $name => $value) {
|
||||||
if (preg_match('/^board_(\w+)$/', $name, $matches) && in_array($matches[1], $_boards))
|
if (preg_match('/^board_(' . $config['board_regex'] . ')$/u', $name, $matches) && in_array($matches[1], $_boards))
|
||||||
$boards[] = $matches[1];
|
$boards[] = $matches[1];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1541,7 +1540,7 @@ function mod_user_new() {
|
|||||||
|
|
||||||
$boards = array();
|
$boards = array();
|
||||||
foreach ($_POST as $name => $value) {
|
foreach ($_POST as $name => $value) {
|
||||||
if (preg_match('/^board_(\w+)$/', $name, $matches) && in_array($matches[1], $_boards))
|
if (preg_match('/^board_(' . $config['board_regex'] . ')$/u', $name, $matches) && in_array($matches[1], $_boards))
|
||||||
$boards[] = $matches[1];
|
$boards[] = $matches[1];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -2135,7 +2134,7 @@ function mod_debug_antispam() {
|
|||||||
$where .= ' AND `thread` = ' . $pdo->quote($_POST['thread']);
|
$where .= ' AND `thread` = ' . $pdo->quote($_POST['thread']);
|
||||||
|
|
||||||
if (isset($_POST['purge'])) {
|
if (isset($_POST['purge'])) {
|
||||||
$query = prepare('UPDATE `antispam` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE' . $where);
|
$query = prepare(', DATE `antispam` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE' . $where);
|
||||||
$query->bindValue(':expires', $config['spam']['hidden_inputs_expire']);
|
$query->bindValue(':expires', $config['spam']['hidden_inputs_expire']);
|
||||||
$query->execute() or error(db_error());
|
$query->execute() or error(db_error());
|
||||||
}
|
}
|
||||||
|
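Review bot: In the mod_debug_antispam() hunk the string passed to `prepare()` now starts with `', DATE` where the old side had `'UPDATE`, so the purge statement is no longer valid SQL and the purge fails whenever `$_POST['purge']` is set. The string should start with `UPDATE` again, as on the removed line. Separately, the URI check in the mod_new_board() hunk ends in `$/u`, and `$` also matches just before a trailing newline; using `\z` in place of `$`, or adding the `D` modifier, makes the check exact before the value reaches `openBoard()`. All of these functions continue outside their hunks.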
23
install.php
23
install.php
@ -1,7 +1,7 @@
|
|||||||
<?php
|
<?php
|
||||||
|
|
||||||
// Installation/upgrade file
|
// Installation/upgrade file
|
||||||
define('VERSION', 'v0.9.6-dev-10');
|
define('VERSION', 'v0.9.6-dev-11');
|
||||||
|
|
||||||
require 'inc/functions.php';
|
require 'inc/functions.php';
|
||||||
|
|
||||||
@ -300,10 +300,6 @@ if (file_exists($config['has_installed'])) {
|
|||||||
CHANGE `ip` `ip` VARCHAR( 39 ) CHARACTER SET ASCII COLLATE ascii_general_ci NOT NULL ,
|
CHANGE `ip` `ip` VARCHAR( 39 ) CHARACTER SET ASCII COLLATE ascii_general_ci NOT NULL ,
|
||||||
CHANGE `body` `body` TEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL ,
|
CHANGE `body` `body` TEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL ,
|
||||||
DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;") or error(db_error());
|
DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;") or error(db_error());
|
||||||
__query("ALTER TABLE `ip_notes`
|
|
||||||
CHANGE `ip` `ip` VARCHAR( 39 ) CHARACTER SET ASCII COLLATE ascii_general_ci NOT NULL ,
|
|
||||||
CHANGE `body` `body` TEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL ,
|
|
||||||
DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;") or error(db_error());
|
|
||||||
__query("ALTER TABLE `modlogs`
|
__query("ALTER TABLE `modlogs`
|
||||||
CHANGE `ip` `ip` VARCHAR( 39 ) CHARACTER SET ASCII COLLATE ascii_general_ci NOT NULL ,
|
CHANGE `ip` `ip` VARCHAR( 39 ) CHARACTER SET ASCII COLLATE ascii_general_ci NOT NULL ,
|
||||||
CHANGE `board` `board` VARCHAR( 120 ) CHARACTER SET ASCII COLLATE ascii_general_ci NULL DEFAULT NULL ,
|
CHANGE `board` `board` VARCHAR( 120 ) CHARACTER SET ASCII COLLATE ascii_general_ci NULL DEFAULT NULL ,
|
||||||
@ -343,6 +339,23 @@ if (file_exists($config['has_installed'])) {
|
|||||||
CHANGE `name` `name` VARCHAR( 40 ) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL ,
|
CHANGE `name` `name` VARCHAR( 40 ) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL ,
|
||||||
CHANGE `value` `value` TEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL ,
|
CHANGE `value` `value` TEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL ,
|
||||||
DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;") or eror(db_error());
|
DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;") or eror(db_error());
|
||||||
|
case 'v0.9.6-dev-10':
|
||||||
|
query("ALTER TABLE `antispam`
|
||||||
|
CHANGE `board` `board` VARCHAR( 58 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL;") or error(db_error());
|
||||||
|
query("ALTER TABLE `bans`
|
||||||
|
CHANGE `board` `board` VARCHAR( 58 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL;") or error(db_error());
|
||||||
|
query("ALTER TABLE `boards`
|
||||||
|
CHANGE `uri` `uri` VARCHAR( 58 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL;") or error(db_error());
|
||||||
|
query("ALTER TABLE `cites`
|
||||||
|
CHANGE `board` `board` VARCHAR( 58 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL ,
|
||||||
|
CHANGE `target_board` `target_board` VARCHAR( 58 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL ,
|
||||||
|
DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;") or error(db_error());
|
||||||
|
query("ALTER TABLE `modlogs`
|
||||||
|
CHANGE `board` `board` VARCHAR( 58 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL;") or error(db_error());
|
||||||
|
query("ALTER TABLE `mods`
|
||||||
|
CHANGE `boards` `boards` TEXT CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL;") or error(db_error());
|
||||||
|
query("ALTER TABLE `reports`
|
||||||
|
CHANGE `board` `board` VARCHAR( 58 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL;") or error(db_error());
|
||||||
case false:
|
case false:
|
||||||
// Update version number
|
// Update version number
|
||||||
file_write($config['has_installed'], VERSION);
|
file_write($config['has_installed'], VERSION);
|
||||||
|
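Review bot: The ALTER TABLE statement directly above the new `case 'v0.9.6-dev-10':` ends in `or eror(db_error())`, which calls an undefined function, so a failure in that step produces a fatal error instead of the database message; it should read `or error(db_error())` like the statements added below it. The new step also narrows the board and uri columns to 58 characters where the earlier modlogs step on this page set 120, and install.sql shows uri as the primary key of boards. Depending on the server's SQL mode, longer existing values would be truncated or the ALTER would fail, so a length check before these statements would be worth adding. The switch statement starts outside the hunk.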
22
install.sql
22
install.sql
@ -22,7 +22,7 @@ SET time_zone = "+00:00";
|
|||||||
--
|
--
|
||||||
|
|
||||||
CREATE TABLE IF NOT EXISTS `antispam` (
|
CREATE TABLE IF NOT EXISTS `antispam` (
|
||||||
`board` varchar(120) CHARACTER SET ascii NOT NULL,
|
`board` varchar(58) CHARACTER SET utf8 NOT NULL,
|
||||||
`thread` int(11) DEFAULT NULL,
|
`thread` int(11) DEFAULT NULL,
|
||||||
`hash` char(40) COLLATE ascii_bin NOT NULL,
|
`hash` char(40) COLLATE ascii_bin NOT NULL,
|
||||||
`created` int(11) NOT NULL,
|
`created` int(11) NOT NULL,
|
||||||
@ -45,7 +45,7 @@ CREATE TABLE IF NOT EXISTS `bans` (
|
|||||||
`set` int(11) NOT NULL,
|
`set` int(11) NOT NULL,
|
||||||
`expires` int(11) DEFAULT NULL,
|
`expires` int(11) DEFAULT NULL,
|
||||||
`reason` text,
|
`reason` text,
|
||||||
`board` varchar(120) CHARACTER SET ascii DEFAULT NULL,
|
`board` varchar(58) CHARACTER SET utf8 DEFAULT NULL,
|
||||||
`seen` tinyint(1) NOT NULL,
|
`seen` tinyint(1) NOT NULL,
|
||||||
PRIMARY KEY (`id`),
|
PRIMARY KEY (`id`),
|
||||||
FULLTEXT KEY `ip` (`ip`)
|
FULLTEXT KEY `ip` (`ip`)
|
||||||
@ -58,7 +58,7 @@ CREATE TABLE IF NOT EXISTS `bans` (
|
|||||||
--
|
--
|
||||||
|
|
||||||
CREATE TABLE IF NOT EXISTS `boards` (
|
CREATE TABLE IF NOT EXISTS `boards` (
|
||||||
`uri` varchar(120) CHARACTER SET ascii NOT NULL,
|
`uri` varchar(58) CHARACTER SET utf8 NOT NULL,
|
||||||
`title` tinytext NOT NULL,
|
`title` tinytext NOT NULL,
|
||||||
`subtitle` tinytext,
|
`subtitle` tinytext,
|
||||||
PRIMARY KEY (`uri`)
|
PRIMARY KEY (`uri`)
|
||||||
@ -78,13 +78,13 @@ INSERT INTO `boards` VALUES
|
|||||||
--
|
--
|
||||||
|
|
||||||
CREATE TABLE IF NOT EXISTS `cites` (
|
CREATE TABLE IF NOT EXISTS `cites` (
|
||||||
`board` varchar(120) NOT NULL,
|
`board` varchar(58) NOT NULL,
|
||||||
`post` int(11) NOT NULL,
|
`post` int(11) NOT NULL,
|
||||||
`target_board` varchar(120) NOT NULL,
|
`target_board` varchar(58) NOT NULL,
|
||||||
`target` int(11) NOT NULL,
|
`target` int(11) NOT NULL,
|
||||||
KEY `target` (`target_board`,`target`),
|
KEY `target` (`target_board`,`target`),
|
||||||
KEY `post` (`board`,`post`)
|
KEY `post` (`board`,`post`)
|
||||||
) ENGINE=MyISAM DEFAULT CHARSET=ascii;
|
) ENGINE=MyISAM DEFAULT CHARSET=utf8;
|
||||||
|
|
||||||
-- --------------------------------------------------------
|
-- --------------------------------------------------------
|
||||||
|
|
||||||
@ -111,7 +111,7 @@ CREATE TABLE IF NOT EXISTS `ip_notes` (
|
|||||||
CREATE TABLE IF NOT EXISTS `modlogs` (
|
CREATE TABLE IF NOT EXISTS `modlogs` (
|
||||||
`mod` int(11) NOT NULL,
|
`mod` int(11) NOT NULL,
|
||||||
`ip` varchar(39) CHARACTER SET ascii NOT NULL,
|
`ip` varchar(39) CHARACTER SET ascii NOT NULL,
|
||||||
`board` varchar(120) CHARACTER SET ascii DEFAULT NULL,
|
`board` varchar(58) CHARACTER SET utf8 DEFAULT NULL,
|
||||||
`time` int(11) NOT NULL,
|
`time` int(11) NOT NULL,
|
||||||
`text` text NOT NULL,
|
`text` text NOT NULL,
|
||||||
KEY `time` (`time`)
|
KEY `time` (`time`)
|
||||||
@ -129,10 +129,10 @@ CREATE TABLE IF NOT EXISTS `mods` (
|
|||||||
`password` char(64) CHARACTER SET ascii NOT NULL COMMENT 'SHA256',
|
`password` char(64) CHARACTER SET ascii NOT NULL COMMENT 'SHA256',
|
||||||
`salt` char(32) CHARACTER SET ascii NOT NULL,
|
`salt` char(32) CHARACTER SET ascii NOT NULL,
|
||||||
`type` smallint(1) NOT NULL COMMENT '0: janitor, 1: mod, 2: admin',
|
`type` smallint(1) NOT NULL COMMENT '0: janitor, 1: mod, 2: admin',
|
||||||
`boards` text CHARACTER SET ascii NOT NULL,
|
`boards` text CHARACTER SET utf8 NOT NULL,
|
||||||
PRIMARY KEY (`id`),
|
PRIMARY KEY (`id`),
|
||||||
UNIQUE KEY `id` (`id`,`username`)
|
UNIQUE KEY `id` (`id`,`username`)
|
||||||
) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=4 ;
|
) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=5 ;
|
||||||
|
|
||||||
--
|
--
|
||||||
-- Dumping data for table `mods`
|
-- Dumping data for table `mods`
|
||||||
@ -210,11 +210,11 @@ CREATE TABLE IF NOT EXISTS `reports` (
|
|||||||
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
|
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
|
||||||
`time` int(11) NOT NULL,
|
`time` int(11) NOT NULL,
|
||||||
`ip` varchar(39) CHARACTER SET ascii NOT NULL,
|
`ip` varchar(39) CHARACTER SET ascii NOT NULL,
|
||||||
`board` varchar(120) CHARACTER SET ascii DEFAULT NULL,
|
`board` varchar(58) CHARACTER SET utf8 DEFAULT NULL,
|
||||||
`post` int(11) NOT NULL,
|
`post` int(11) NOT NULL,
|
||||||
`reason` text NOT NULL,
|
`reason` text NOT NULL,
|
||||||
PRIMARY KEY (`id`)
|
PRIMARY KEY (`id`)
|
||||||
) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=3 ;
|
) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=1 ;
|
||||||
|
|
||||||
-- --------------------------------------------------------
|
-- --------------------------------------------------------
|
||||||
|
|
||||||
|
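Review bot: The board URI columns move to `CHARACTER SET utf8` without naming a collation, so they take that character set's default, which in MySQL is `utf8_general_ci`; it compares case-insensitively and treats many accented letters as equal to their base letter. Now that URIs may contain non-ASCII letters, two URIs that the PHP patterns and the filesystem treat as different can compare equal in the boards primary key and in board lookups on bans and reports. Declaring `COLLATE utf8_bin` on these columns, and in the matching ALTER statements in install.php, would make database equality agree with byte equality; if case-insensitive matching of ASCII URIs is relied on, that needs an explicit decision first. The `AUTO_INCREMENT` changes on mods and reports look like dump residue unrelated to the feature.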
33
mod.php
33
mod.php
@ -18,7 +18,7 @@ if (get_magic_quotes_gpc()) {
|
|||||||
$_POST = strip_array($_POST);
|
$_POST = strip_array($_POST);
|
||||||
}
|
}
|
||||||
|
|
||||||
$query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
|
$query = isset($_SERVER['QUERY_STRING']) ? urldecode($_SERVER['QUERY_STRING']) : '';
|
||||||
|
|
||||||
$pages = array(
|
$pages = array(
|
||||||
'' => ':?/', // redirect to dashboard
|
'' => ':?/', // redirect to dashboard
|
||||||
@ -45,7 +45,7 @@ $pages = array(
|
|||||||
'/news/(\d+)' => 'news', // view news
|
'/news/(\d+)' => 'news', // view news
|
||||||
'/news/delete/(\d+)' => 'news_delete', // delete from news
|
'/news/delete/(\d+)' => 'news_delete', // delete from news
|
||||||
|
|
||||||
'/edit/(\w+)' => 'edit_board', // edit board details
|
'/edit/(\%b)' => 'edit_board', // edit board details
|
||||||
'/new-board' => 'new_board', // create a new board
|
'/new-board' => 'new_board', // create a new board
|
||||||
|
|
||||||
'/rebuild' => 'rebuild', // rebuild static files
|
'/rebuild' => 'rebuild', // rebuild static files
|
||||||
@ -63,15 +63,15 @@ $pages = array(
|
|||||||
|
|
||||||
// CSRF-protected moderator actions
|
// CSRF-protected moderator actions
|
||||||
'/ban' => 'secure_POST ban', // new ban
|
'/ban' => 'secure_POST ban', // new ban
|
||||||
'/(\w+)/ban(&delete)?/(\d+)' => 'secure_POST ban_post', // ban poster
|
'/(\%b)/ban(&delete)?/(\d+)' => 'secure_POST ban_post', // ban poster
|
||||||
'/(\w+)/move/(\d+)' => 'secure_POST move', // move thread
|
'/(\%b)/move/(\d+)' => 'secure_POST move', // move thread
|
||||||
'/(\w+)/edit(_raw)?/(\d+)' => 'secure_POST edit_post', // edit post
|
'/(\%b)/edit(_raw)?/(\d+)' => 'secure_POST edit_post', // edit post
|
||||||
'/(\w+)/delete/(\d+)' => 'secure delete', // delete post
|
'/(\%b)/delete/(\d+)' => 'secure delete', // delete post
|
||||||
'/(\w+)/deletefile/(\d+)' => 'secure deletefile', // delete file from post
|
'/(\%b)/deletefile/(\d+)' => 'secure deletefile', // delete file from post
|
||||||
'/(\w+)/deletebyip/(\d+)(/global)?' => 'secure deletebyip', // delete all posts by IP address
|
'/(\%b)/deletebyip/(\d+)(/global)?' => 'secure deletebyip', // delete all posts by IP address
|
||||||
'/(\w+)/(un)?lock/(\d+)' => 'secure lock', // lock thread
|
'/(\%b)/(un)?lock/(\d+)' => 'secure lock', // lock thread
|
||||||
'/(\w+)/(un)?sticky/(\d+)' => 'secure sticky', // sticky thread
|
'/(\%b)/(un)?sticky/(\d+)' => 'secure sticky', // sticky thread
|
||||||
'/(\w+)/bump(un)?lock/(\d+)' => 'secure bumplock', // "bumplock" thread
|
'/(\%b)/bump(un)?lock/(\d+)' => 'secure bumplock', // "bumplock" thread
|
||||||
|
|
||||||
'/themes' => 'themes_list', // manage themes
|
'/themes' => 'themes_list', // manage themes
|
||||||
'/themes/(\w+)' => 'theme_configure', // configure/reconfigure theme
|
'/themes/(\w+)' => 'theme_configure', // configure/reconfigure theme
|
||||||
@ -86,10 +86,10 @@ $pages = array(
|
|||||||
'/debug/sql' => 'secure_POST debug_sql',
|
'/debug/sql' => 'secure_POST debug_sql',
|
||||||
|
|
||||||
// This should always be at the end:
|
// This should always be at the end:
|
||||||
'/(\w+)/' => 'view_board',
|
'/(\%b)/' => 'view_board',
|
||||||
'/(\w+)/' . preg_quote($config['file_index'], '!') => 'view_board',
|
'/(\%b)/' . preg_quote($config['file_index'], '!') => 'view_board',
|
||||||
'/(\w+)/' . str_replace('%d', '(\d+)', preg_quote($config['file_page'], '!')) => 'view_board',
|
'/(\%b)/' . str_replace('%d', '(\d+)', preg_quote($config['file_page'], '!')) => 'view_board',
|
||||||
'/(\w+)/' . preg_quote($config['dir']['res'], '!') .
|
'/(\%b)/' . preg_quote($config['dir']['res'], '!') .
|
||||||
str_replace('%d', '(\d+)', preg_quote($config['file_page'], '!')) => 'view_thread',
|
str_replace('%d', '(\d+)', preg_quote($config['file_page'], '!')) => 'view_thread',
|
||||||
);
|
);
|
||||||
|
|
||||||
@ -109,7 +109,8 @@ $new_pages = array();
|
|||||||
foreach ($pages as $key => $callback) {
|
foreach ($pages as $key => $callback) {
|
||||||
if (is_string($callback) && preg_match('/^secure /', $callback))
|
if (is_string($callback) && preg_match('/^secure /', $callback))
|
||||||
$key .= '(/(?P<token>[a-f0-9]{8}))?';
|
$key .= '(/(?P<token>[a-f0-9]{8}))?';
|
||||||
$new_pages[@$key[0] == '!' ? $key : '!^' . $key . '(?:&[^&=]+=[^&]*)*$!'] = $callback;
|
$key = str_replace('\%b', $config['board_regex'], $key);
|
||||||
|
$new_pages[@$key[0] == '!' ? $key : '!^' . $key . '(?:&[^&=]+=[^&]*)*$!u'] = $callback;
|
||||||
}
|
}
|
||||||
$pages = $new_pages;
|
$pages = $new_pages;
|
||||||
|
|
||||||
|
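Review bot: `$query` is now passed through `urldecode()` as a whole before it is matched against the route table, so percent-encoded `/`, `&` and `=` become route separators and `+` becomes a space before any pattern sees them. Decoding is needed for non-ASCII board URIs to match, but `rawurldecode()` avoids the `+` translation, and rejecting the request when `mb_check_encoding($query, 'UTF-8')` is false keeps malformed input away from the `u`-mode patterns, which otherwise fail with an error rather than a plain non-match. The line that expands `\%b` would also benefit from a comment such as `// board_regex is spliced into a !-delimited pattern and must not contain '!'`.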
6
post.php
6
post.php
@ -170,7 +170,7 @@ if (isset($_POST['delete'])) {
|
|||||||
error($config['error']['bot']);
|
error($config['error']['bot']);
|
||||||
|
|
||||||
// Check the referrer
|
// Check the referrer
|
||||||
if (!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['referer_match'], $_SERVER['HTTP_REFERER']))
|
if (!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['referer_match'], urldecode($_SERVER['HTTP_REFERER'])))
|
||||||
error($config['error']['referer']);
|
error($config['error']['referer']);
|
||||||
|
|
||||||
checkDNSBL();
|
checkDNSBL();
|
||||||
@ -547,9 +547,9 @@ if (isset($_POST['delete'])) {
|
|||||||
// Remove board directories before inserting them into the database.
|
// Remove board directories before inserting them into the database.
|
||||||
if ($post['has_file']) {
|
if ($post['has_file']) {
|
||||||
$post['file_path'] = $post['file'];
|
$post['file_path'] = $post['file'];
|
||||||
$post['file'] = substr_replace($post['file'], '', 0, mb_strlen($board['dir'] . $config['dir']['img']));
|
$post['file'] = mb_substr($post['file'], mb_strlen($board['dir'] . $config['dir']['img']));
|
||||||
if ($is_an_image && $post['thumb'] != 'spoiler')
|
if ($is_an_image && $post['thumb'] != 'spoiler')
|
||||||
$post['thumb'] = substr_replace($post['thumb'], '', 0, mb_strlen($board['dir'] . $config['dir']['thumb']));
|
$post['thumb'] = mb_substr($post['thumb'], mb_strlen($board['dir'] . $config['dir']['thumb']));
|
||||||
}
|
}
|
||||||
|
|
||||||
$post = (object)$post;
|
$post = (object)$post;
|
||||||
|
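Review bot: The referer check in the first hunk now relies on two facts that are not stated at the call site: the Referer header arrives percent-encoded, and `$config['referer_match']` is compiled with the `u` modifier (see the loadConfig() hunk), so a decoded value that is not valid UTF-8 makes `preg_match()` return false rather than 0. Both results reject the request here, which is the safe direction, but a comment would record that this is intended, e.g. `// Referer is percent-encoded; decode so Unicode board URIs match. Invalid UTF-8 fails the /u match and is rejected.` The enclosing `if` block starts outside the hunk.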