Cool_Tools/vichan
1
0
Fork 0
mirror of https://github.com/vichan-devel/vichan.git synced 2024-11-27 17:00:52 +01:00
Code Releases Wiki Activity

Allow Unicode in board URIs.

Browse Source
This commit is contained in:
Michael Foster 2013-07-31 02:08:55 -04:00
parent 3bee1ba4fd
commit 42cba53887
8 changed files with 63 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
inc/config.php
View File

@ -1130,6 +1130,9 @@
// 'type' => 'scp' // 'type' => 'scp'
//); //);
// Regex for board URIs
$config['board_regex'] = '[0-9a-zA-Z$_\x{0080}-\x{FFFF}]{1,58}';
// Complex regular expression to catch URLs // Complex regular expression to catch URLs
$config['url_regex'] = '/' . '(https?|ftp):\/\/' . '(([\w\-]+\.)+[a-zA-Z]{2,6}|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' . '(:\d+)?' . '(\/([\w\-~.#\/?=&;:+%!*\[\]@$\'()+,|\^]+)?)?' . '/'; $config['url_regex'] = '/' . '(https?|ftp):\/\/' . '(([\w\-]+\.)+[a-zA-Z]{2,6}|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})' . '(:\d+)?' . '(\/([\w\-~.#\/?=&;:+%!*\[\]@$\'()+,|\^]+)?)?' . '/';

6
inc/display.php
View File

@ -235,7 +235,7 @@ function bidi_cleanup($str){
function secure_link_confirm($text, $title, $confirm_message, $href) { function secure_link_confirm($text, $title, $confirm_message, $href) {
global $config; global $config;
return '<a onclick="if (event.which==2) return true;if (confirm(\'' . htmlentities(addslashes($confirm_message)) . '\')) document.location=\'?/' . htmlentities(addslashes($href . '/' . make_secure_link_token($href))) . '\';return false;" title="' . htmlentities($title) . '" href="?/' . $href . '">' . $text . '</a>'; return '<a onclick="if (event.which==2) return true;if (confirm(\'' . htmlentities(addslashes($confirm_message)) . '\')) document.location=\'?/' . htmlspecialchars(addslashes($href . '/' . make_secure_link_token($href))) . '\';return false;" title="' . htmlentities($title) . '" href="?/' . $href . '">' . $text . '</a>';
} }
function secure_link($href) { function secure_link($href) {
return $href . '/' . make_secure_link_token($href); return $href . '/' . make_secure_link_token($href);
@ -299,7 +299,7 @@ class Post {
// Fix internal links // Fix internal links
// Very complicated regex // Very complicated regex
$this->body = preg_replace( $this->body = preg_replace(
'/<a((([a-zA-Z]+="[^"]+")|[a-zA-Z]+=[a-zA-Z]+|\s)*)href="' . preg_quote($config['root'], '/') . '(' . sprintf(preg_quote($config['board_path'], '/'), '\w+') . ')/', '/<a((([a-zA-Z]+="[^"]+")|[a-zA-Z]+=[a-zA-Z]+|\s)*)href="' . preg_quote($config['root'], '/') . '(' . sprintf(preg_quote($config['board_path'], '/'), $config['board_regex']) . ')/u',
'<a $1href="?/$4', '<a $1href="?/$4',
$this->body $this->body
); );
@ -398,7 +398,7 @@ class Thread {
// Fix internal links // Fix internal links
// Very complicated regex // Very complicated regex
$this->body = preg_replace( $this->body = preg_replace(
'/<a((([a-zA-Z]+="[^"]+")|[a-zA-Z]+=[a-zA-Z]+|\s)*)href="' . preg_quote($config['root'], '/') . '(' . sprintf(preg_quote($config['board_path'], '/'), '\w+') . ')/', '/<a((([a-zA-Z]+="[^"]+")|[a-zA-Z]+=[a-zA-Z]+|\s)*)href="' . preg_quote($config['root'], '/') . '(' . sprintf(preg_quote($config['board_path'], '/'), $config['board_regex']) . ')/u',
'<a $1href="?/$4', '<a $1href="?/$4',
$this->body $this->body
); );

8
inc/functions.php
View File

@ -98,18 +98,18 @@ function loadConfig() {
'https?:\/\/' . $_SERVER['HTTP_HOST']) . 'https?:\/\/' . $_SERVER['HTTP_HOST']) .
preg_quote($config['root'], '/') . preg_quote($config['root'], '/') .
'(' . '(' .
str_replace('%s', '\w+', preg_quote($config['board_path'], '/')) . str_replace('%s', $config['board_regex'], preg_quote($config['board_path'], '/')) .
'(' . '(' .
preg_quote($config['file_index'], '/') . '|' . preg_quote($config['file_index'], '/') . '|' .
str_replace('%d', '\d+', preg_quote($config['file_page'])) . str_replace('%d', '\d+', preg_quote($config['file_page'])) .
')?' . ')?' .
'|' . '|' .
str_replace('%s', '\w+', preg_quote($config['board_path'], '/')) . str_replace('%s', $config['board_regex'], preg_quote($config['board_path'], '/')) .
preg_quote($config['dir']['res'], '/') . preg_quote($config['dir']['res'], '/') .
str_replace('%d', '\d+', preg_quote($config['file_page'], '/')) . str_replace('%d', '\d+', preg_quote($config['file_page'], '/')) .
'|' . '|' .
preg_quote($config['file_mod'], '/') . '\?\/.+' . preg_quote($config['file_mod'], '/') . '\?\/.+' .
')([#?](.+)?)?$/i'; ')([#?](.+)?)?$/ui';
} else { } else {
// CLI mode // CLI mode
$config['referer_match'] = '//'; $config['referer_match'] = '//';
@ -1468,7 +1468,7 @@ function markup(&$body, $track_cites = false) {
} }
// Cross-board linking // Cross-board linking
if (preg_match_all('/(^|\s)&gt;&gt;&gt;\/(\w+?)\/(\d+)?([\s,.)?]|$)/m', $body, $cites, PREG_SET_ORDER | PREG_OFFSET_CAPTURE)) { if (preg_match_all('/(^|\s)&gt;&gt;&gt;\/(' . $config['board_regex'] . 'f?)\/(\d+)?([\s,.)?]|$)/um', $body, $cites, PREG_SET_ORDER | PREG_OFFSET_CAPTURE)) {
if (count($cites[0]) > $config['max_cites']) { if (count($cites[0]) > $config['max_cites']) {
error($config['error']['toomanycross']); error($config['error']['toomanycross']);
} }

9
inc/mod/pages.php
View File

@ -443,7 +443,7 @@ function mod_new_board() {
if ($_POST['title'] == '') if ($_POST['title'] == '')
error(sprintf($config['error']['required'], 'title')); error(sprintf($config['error']['required'], 'title'));
if (!preg_match('/^\w+$/', $_POST['uri'])) if (!preg_match('/^' . $config['board_regex'] . '$/u', $_POST['uri']))
error(sprintf($config['error']['invalidfield'], 'URI')); error(sprintf($config['error']['invalidfield'], 'URI'));
if (openBoard($_POST['uri'])) { if (openBoard($_POST['uri'])) {
@ -746,7 +746,6 @@ function mod_page_ip($ip) {
openBoard($board['uri']); openBoard($board['uri']);
if (!hasPermission($config['mod']['show_ip'], $board['uri'])) if (!hasPermission($config['mod']['show_ip'], $board['uri']))
continue; continue;
$query = prepare(sprintf('SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `id` DESC LIMIT :limit', $board['uri'])); $query = prepare(sprintf('SELECT * FROM `posts_%s` WHERE `ip` = :ip ORDER BY `sticky` DESC, `id` DESC LIMIT :limit', $board['uri']));
$query->bindValue(':ip', $ip); $query->bindValue(':ip', $ip);
$query->bindValue(':limit', $config['mod']['ip_recentposts'], PDO::PARAM_INT); $query->bindValue(':limit', $config['mod']['ip_recentposts'], PDO::PARAM_INT);
@ -1420,7 +1419,7 @@ function mod_user($uid) {
$boards = array(); $boards = array();
foreach ($_POST as $name => $value) { foreach ($_POST as $name => $value) {
if (preg_match('/^board_(\w+)$/', $name, $matches) && in_array($matches[1], $_boards)) if (preg_match('/^board_(' . $config['board_regex'] . ')$/u', $name, $matches) && in_array($matches[1], $_boards))
$boards[] = $matches[1]; $boards[] = $matches[1];
} }
} }
@ -1541,7 +1540,7 @@ function mod_user_new() {
$boards = array(); $boards = array();
foreach ($_POST as $name => $value) { foreach ($_POST as $name => $value) {
if (preg_match('/^board_(\w+)$/', $name, $matches) && in_array($matches[1], $_boards)) if (preg_match('/^board_(' . $config['board_regex'] . ')$/u', $name, $matches) && in_array($matches[1], $_boards))
$boards[] = $matches[1]; $boards[] = $matches[1];
} }
} }
@ -2135,7 +2134,7 @@ function mod_debug_antispam() {
$where .= ' AND `thread` = ' . $pdo->quote($_POST['thread']); $where .= ' AND `thread` = ' . $pdo->quote($_POST['thread']);
if (isset($_POST['purge'])) { if (isset($_POST['purge'])) {
$query = prepare('UPDATE `antispam` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE' . $where); $query = prepare(', DATE `antispam` SET `expires` = UNIX_TIMESTAMP() + :expires WHERE' . $where);
$query->bindValue(':expires', $config['spam']['hidden_inputs_expire']); $query->bindValue(':expires', $config['spam']['hidden_inputs_expire']);
$query->execute() or error(db_error()); $query->execute() or error(db_error());
} }

23
install.php
View File

@ -1,7 +1,7 @@
<?php <?php
// Installation/upgrade file // Installation/upgrade file
define('VERSION', 'v0.9.6-dev-10'); define('VERSION', 'v0.9.6-dev-11');
require 'inc/functions.php'; require 'inc/functions.php';
@ -300,10 +300,6 @@ if (file_exists($config['has_installed'])) {
CHANGE `ip` `ip` VARCHAR( 39 ) CHARACTER SET ASCII COLLATE ascii_general_ci NOT NULL , CHANGE `ip` `ip` VARCHAR( 39 ) CHARACTER SET ASCII COLLATE ascii_general_ci NOT NULL ,
CHANGE `body` `body` TEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL , CHANGE `body` `body` TEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL ,
DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;") or error(db_error()); DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;") or error(db_error());
__query("ALTER TABLE `ip_notes`
CHANGE `ip` `ip` VARCHAR( 39 ) CHARACTER SET ASCII COLLATE ascii_general_ci NOT NULL ,
CHANGE `body` `body` TEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NOT NULL ,
DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;") or error(db_error());
__query("ALTER TABLE `modlogs` __query("ALTER TABLE `modlogs`
CHANGE `ip` `ip` VARCHAR( 39 ) CHARACTER SET ASCII COLLATE ascii_general_ci NOT NULL , CHANGE `ip` `ip` VARCHAR( 39 ) CHARACTER SET ASCII COLLATE ascii_general_ci NOT NULL ,
CHANGE `board` `board` VARCHAR( 120 ) CHARACTER SET ASCII COLLATE ascii_general_ci NULL DEFAULT NULL , CHANGE `board` `board` VARCHAR( 120 ) CHARACTER SET ASCII COLLATE ascii_general_ci NULL DEFAULT NULL ,
@ -343,6 +339,23 @@ if (file_exists($config['has_installed'])) {
CHANGE `name` `name` VARCHAR( 40 ) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL , CHANGE `name` `name` VARCHAR( 40 ) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL ,
CHANGE `value` `value` TEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL , CHANGE `value` `value` TEXT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci NULL DEFAULT NULL ,
DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;") or eror(db_error()); DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;") or eror(db_error());
case 'v0.9.6-dev-10':
query("ALTER TABLE `antispam`
CHANGE `board` `board` VARCHAR( 58 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL;") or error(db_error());
query("ALTER TABLE `bans`
CHANGE `board` `board` VARCHAR( 58 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL;") or error(db_error());
query("ALTER TABLE `boards`
CHANGE `uri` `uri` VARCHAR( 58 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL;") or error(db_error());
query("ALTER TABLE `cites`
CHANGE `board` `board` VARCHAR( 58 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL ,
CHANGE `target_board` `target_board` VARCHAR( 58 ) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL ,
DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;") or error(db_error());
query("ALTER TABLE `modlogs`
CHANGE `board` `board` VARCHAR( 58 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL;") or error(db_error());
query("ALTER TABLE `mods`
CHANGE `boards` `boards` TEXT CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL;") or error(db_error());
query("ALTER TABLE `reports`
CHANGE `board` `board` VARCHAR( 58 ) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL;") or error(db_error());
case false: case false:
// Update version number // Update version number
file_write($config['has_installed'], VERSION); file_write($config['has_installed'], VERSION);

22
install.sql
View File

@ -22,7 +22,7 @@ SET time_zone = "+00:00";
-- --
CREATE TABLE IF NOT EXISTS `antispam` ( CREATE TABLE IF NOT EXISTS `antispam` (
`board` varchar(120) CHARACTER SET ascii NOT NULL, `board` varchar(58) CHARACTER SET utf8 NOT NULL,
`thread` int(11) DEFAULT NULL, `thread` int(11) DEFAULT NULL,
`hash` char(40) COLLATE ascii_bin NOT NULL, `hash` char(40) COLLATE ascii_bin NOT NULL,
`created` int(11) NOT NULL, `created` int(11) NOT NULL,
@ -45,7 +45,7 @@ CREATE TABLE IF NOT EXISTS `bans` (
`set` int(11) NOT NULL, `set` int(11) NOT NULL,
`expires` int(11) DEFAULT NULL, `expires` int(11) DEFAULT NULL,
`reason` text, `reason` text,
`board` varchar(120) CHARACTER SET ascii DEFAULT NULL, `board` varchar(58) CHARACTER SET utf8 DEFAULT NULL,
`seen` tinyint(1) NOT NULL, `seen` tinyint(1) NOT NULL,
PRIMARY KEY (`id`), PRIMARY KEY (`id`),
FULLTEXT KEY `ip` (`ip`) FULLTEXT KEY `ip` (`ip`)
@ -58,7 +58,7 @@ CREATE TABLE IF NOT EXISTS `bans` (
-- --
CREATE TABLE IF NOT EXISTS `boards` ( CREATE TABLE IF NOT EXISTS `boards` (
`uri` varchar(120) CHARACTER SET ascii NOT NULL, `uri` varchar(58) CHARACTER SET utf8 NOT NULL,
`title` tinytext NOT NULL, `title` tinytext NOT NULL,
`subtitle` tinytext, `subtitle` tinytext,
PRIMARY KEY (`uri`) PRIMARY KEY (`uri`)
@ -78,13 +78,13 @@ INSERT INTO `boards` VALUES
-- --
CREATE TABLE IF NOT EXISTS `cites` ( CREATE TABLE IF NOT EXISTS `cites` (
`board` varchar(120) NOT NULL, `board` varchar(58) NOT NULL,
`post` int(11) NOT NULL, `post` int(11) NOT NULL,
`target_board` varchar(120) NOT NULL, `target_board` varchar(58) NOT NULL,
`target` int(11) NOT NULL, `target` int(11) NOT NULL,
KEY `target` (`target_board`,`target`), KEY `target` (`target_board`,`target`),
KEY `post` (`board`,`post`) KEY `post` (`board`,`post`)
) ENGINE=MyISAM DEFAULT CHARSET=ascii; ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
-- -------------------------------------------------------- -- --------------------------------------------------------
@ -111,7 +111,7 @@ CREATE TABLE IF NOT EXISTS `ip_notes` (
CREATE TABLE IF NOT EXISTS `modlogs` ( CREATE TABLE IF NOT EXISTS `modlogs` (
`mod` int(11) NOT NULL, `mod` int(11) NOT NULL,
`ip` varchar(39) CHARACTER SET ascii NOT NULL, `ip` varchar(39) CHARACTER SET ascii NOT NULL,
`board` varchar(120) CHARACTER SET ascii DEFAULT NULL, `board` varchar(58) CHARACTER SET utf8 DEFAULT NULL,
`time` int(11) NOT NULL, `time` int(11) NOT NULL,
`text` text NOT NULL, `text` text NOT NULL,
KEY `time` (`time`) KEY `time` (`time`)
@ -129,10 +129,10 @@ CREATE TABLE IF NOT EXISTS `mods` (
`password` char(64) CHARACTER SET ascii NOT NULL COMMENT 'SHA256', `password` char(64) CHARACTER SET ascii NOT NULL COMMENT 'SHA256',
`salt` char(32) CHARACTER SET ascii NOT NULL, `salt` char(32) CHARACTER SET ascii NOT NULL,
`type` smallint(1) NOT NULL COMMENT '0: janitor, 1: mod, 2: admin', `type` smallint(1) NOT NULL COMMENT '0: janitor, 1: mod, 2: admin',
`boards` text CHARACTER SET ascii NOT NULL, `boards` text CHARACTER SET utf8 NOT NULL,
PRIMARY KEY (`id`), PRIMARY KEY (`id`),
UNIQUE KEY `id` (`id`,`username`) UNIQUE KEY `id` (`id`,`username`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=4 ; ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=5 ;
-- --
-- Dumping data for table `mods` -- Dumping data for table `mods`
@ -210,11 +210,11 @@ CREATE TABLE IF NOT EXISTS `reports` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT, `id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`time` int(11) NOT NULL, `time` int(11) NOT NULL,
`ip` varchar(39) CHARACTER SET ascii NOT NULL, `ip` varchar(39) CHARACTER SET ascii NOT NULL,
`board` varchar(120) CHARACTER SET ascii DEFAULT NULL, `board` varchar(58) CHARACTER SET utf8 DEFAULT NULL,
`post` int(11) NOT NULL, `post` int(11) NOT NULL,
`reason` text NOT NULL, `reason` text NOT NULL,
PRIMARY KEY (`id`) PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=3 ; ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 AUTO_INCREMENT=1 ;
-- -------------------------------------------------------- -- --------------------------------------------------------

33
mod.php
View File

@ -18,7 +18,7 @@ if (get_magic_quotes_gpc()) {
$_POST = strip_array($_POST); $_POST = strip_array($_POST);
} }
$query = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : ''; $query = isset($_SERVER['QUERY_STRING']) ? urldecode($_SERVER['QUERY_STRING']) : '';
$pages = array( $pages = array(
'' => ':?/', // redirect to dashboard '' => ':?/', // redirect to dashboard
@ -45,7 +45,7 @@ $pages = array(
'/news/(\d+)' => 'news', // view news '/news/(\d+)' => 'news', // view news
'/news/delete/(\d+)' => 'news_delete', // delete from news '/news/delete/(\d+)' => 'news_delete', // delete from news
'/edit/(\w+)' => 'edit_board', // edit board details '/edit/(\%b)' => 'edit_board', // edit board details
'/new-board' => 'new_board', // create a new board '/new-board' => 'new_board', // create a new board
'/rebuild' => 'rebuild', // rebuild static files '/rebuild' => 'rebuild', // rebuild static files
@ -63,15 +63,15 @@ $pages = array(
// CSRF-protected moderator actions // CSRF-protected moderator actions
'/ban' => 'secure_POST ban', // new ban '/ban' => 'secure_POST ban', // new ban
'/(\w+)/ban(&delete)?/(\d+)' => 'secure_POST ban_post', // ban poster '/(\%b)/ban(&delete)?/(\d+)' => 'secure_POST ban_post', // ban poster
'/(\w+)/move/(\d+)' => 'secure_POST move', // move thread '/(\%b)/move/(\d+)' => 'secure_POST move', // move thread
'/(\w+)/edit(_raw)?/(\d+)' => 'secure_POST edit_post', // edit post '/(\%b)/edit(_raw)?/(\d+)' => 'secure_POST edit_post', // edit post
'/(\w+)/delete/(\d+)' => 'secure delete', // delete post '/(\%b)/delete/(\d+)' => 'secure delete', // delete post
'/(\w+)/deletefile/(\d+)' => 'secure deletefile', // delete file from post '/(\%b)/deletefile/(\d+)' => 'secure deletefile', // delete file from post
'/(\w+)/deletebyip/(\d+)(/global)?' => 'secure deletebyip', // delete all posts by IP address '/(\%b)/deletebyip/(\d+)(/global)?' => 'secure deletebyip', // delete all posts by IP address
'/(\w+)/(un)?lock/(\d+)' => 'secure lock', // lock thread '/(\%b)/(un)?lock/(\d+)' => 'secure lock', // lock thread
'/(\w+)/(un)?sticky/(\d+)' => 'secure sticky', // sticky thread '/(\%b)/(un)?sticky/(\d+)' => 'secure sticky', // sticky thread
'/(\w+)/bump(un)?lock/(\d+)' => 'secure bumplock', // "bumplock" thread '/(\%b)/bump(un)?lock/(\d+)' => 'secure bumplock', // "bumplock" thread
'/themes' => 'themes_list', // manage themes '/themes' => 'themes_list', // manage themes
'/themes/(\w+)' => 'theme_configure', // configure/reconfigure theme '/themes/(\w+)' => 'theme_configure', // configure/reconfigure theme
@ -86,10 +86,10 @@ $pages = array(
'/debug/sql' => 'secure_POST debug_sql', '/debug/sql' => 'secure_POST debug_sql',
// This should always be at the end: // This should always be at the end:
'/(\w+)/' => 'view_board', '/(\%b)/' => 'view_board',
'/(\w+)/' . preg_quote($config['file_index'], '!') => 'view_board', '/(\%b)/' . preg_quote($config['file_index'], '!') => 'view_board',
'/(\w+)/' . str_replace('%d', '(\d+)', preg_quote($config['file_page'], '!')) => 'view_board', '/(\%b)/' . str_replace('%d', '(\d+)', preg_quote($config['file_page'], '!')) => 'view_board',
'/(\w+)/' . preg_quote($config['dir']['res'], '!') . '/(\%b)/' . preg_quote($config['dir']['res'], '!') .
str_replace('%d', '(\d+)', preg_quote($config['file_page'], '!')) => 'view_thread', str_replace('%d', '(\d+)', preg_quote($config['file_page'], '!')) => 'view_thread',
); );
@ -109,7 +109,8 @@ $new_pages = array();
foreach ($pages as $key => $callback) { foreach ($pages as $key => $callback) {
if (is_string($callback) && preg_match('/^secure /', $callback)) if (is_string($callback) && preg_match('/^secure /', $callback))
$key .= '(/(?P<token>[a-f0-9]{8}))?'; $key .= '(/(?P<token>[a-f0-9]{8}))?';
$new_pages[@$key[0] == '!' ? $key : '!^' . $key . '(?:&[^&=]+=[^&]*)*$!'] = $callback; $key = str_replace('\%b', $config['board_regex'], $key);
$new_pages[@$key[0] == '!' ? $key : '!^' . $key . '(?:&[^&=]+=[^&]*)*$!u'] = $callback;
} }
$pages = $new_pages; $pages = $new_pages;

6
post.php
View File

@ -170,7 +170,7 @@ if (isset($_POST['delete'])) {
error($config['error']['bot']); error($config['error']['bot']);
// Check the referrer // Check the referrer
if (!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['referer_match'], $_SERVER['HTTP_REFERER'])) if (!isset($_SERVER['HTTP_REFERER']) || !preg_match($config['referer_match'], urldecode($_SERVER['HTTP_REFERER'])))
error($config['error']['referer']); error($config['error']['referer']);
checkDNSBL(); checkDNSBL();
@ -547,9 +547,9 @@ if (isset($_POST['delete'])) {
// Remove board directories before inserting them into the database. // Remove board directories before inserting them into the database.
if ($post['has_file']) { if ($post['has_file']) {
$post['file_path'] = $post['file']; $post['file_path'] = $post['file'];
$post['file'] = substr_replace($post['file'], '', 0, mb_strlen($board['dir'] . $config['dir']['img'])); $post['file'] = mb_substr($post['file'], mb_strlen($board['dir'] . $config['dir']['img']));
if ($is_an_image && $post['thumb'] != 'spoiler') if ($is_an_image && $post['thumb'] != 'spoiler')
$post['thumb'] = substr_replace($post['thumb'], '', 0, mb_strlen($board['dir'] . $config['dir']['thumb'])); $post['thumb'] = mb_substr($post['thumb'], mb_strlen($board['dir'] . $config['dir']['thumb']));
} }
$post = (object)$post; $post = (object)$post;