From 61cdca7207781cc90fd4bb457398c5d159888df4 Mon Sep 17 00:00:00 2001 From: vholmes Date: Wed, 15 Feb 2017 23:07:50 -0200 Subject: [PATCH 1/2] Prevents reports with too many characters --- inc/config.php | 2 +- post.php | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/inc/config.php b/inc/config.php index 7a2f603d..113555b3 100644 --- a/inc/config.php +++ b/inc/config.php @@ -1179,7 +1179,7 @@ $config['error']['toomanycross'] = _('Too many cross-board links; post discarded.'); $config['error']['nodelete'] = _('You didn\'t select anything to delete.'); $config['error']['noreport'] = _('You didn\'t select anything to report.'); - $config['error']['invalidreport'] = _('The reason was too long.'); + $config['error']['toolongreport'] = _('The reason was too long.'); $config['error']['toomanyreports'] = _('You can\'t report that many posts at once.'); $config['error']['invalidpassword'] = _('Wrong password…'); $config['error']['invalidimg'] = _('Invalid image.'); diff --git a/post.php b/post.php index 86178cde..081f55d3 100644 --- a/post.php +++ b/post.php @@ -488,6 +488,10 @@ if (isset($_POST['delete'])) { $reason = escape_markup_modifiers($_POST['reason']); markup($reason); + if (strlen($reason) > 30) { + error($config['error']['toolongreport']); + } + foreach ($report as &$id) { $query = prepare(sprintf("SELECT `id`, `thread` FROM ``posts_%s`` WHERE `id` = :id", $board['uri'])); $query->bindValue(':id', $id, PDO::PARAM_INT); From 2a8b69fa775dcffc2ec6a9d3e07ee64db355873e Mon Sep 17 00:00:00 2001 From: Zankaria Date: Fri, 15 Mar 2024 16:37:59 +0100 Subject: [PATCH 2/2] Add maximum report length --- inc/config.php | 3 +++ post.php | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/inc/config.php b/inc/config.php index 113555b3..c55163ab 100644 --- a/inc/config.php +++ b/inc/config.php 
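Review bot: In the post.php hunk of patch 1/2 the new length check runs on `$reason` only after `escape_markup_modifiers()` and `markup($reason)` have processed it. An arbitrarily long `reason` field is therefore still pushed through markup before it is rejected, and the limit applies to the processed string rather than to what the reporter typed (presumably longer once markup has escaped or expanded it; `markup()` is not visible here). Checking the raw field first avoids both problems: move the guard above the `$reason = ...` line as `if (strlen($_POST['reason']) > 30) { error($config['error']['toolongreport']); }`. The post.php hunk of patch 2/2 keeps the same ordering and only swaps the function and the constant. The enclosing block starts and ends outside the hunk, so it cannot be confirmed from here that `$_POST['reason']` is set and is a string before this point.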
@@ -937,6 +937,9 @@ // Number of reports you can create at once. $config['report_limit'] = 3; + // Maximum number of characters per report. + $config['report_max_length'] = 30; + // Allow unfiltered HTML in board subtitle. This is useful for placing icons and links. $config['allow_subtitle_html'] = false; diff --git a/post.php b/post.php index 081f55d3..0d9baa07 100644 --- a/post.php +++ b/post.php @@ -488,7 +488,7 @@ if (isset($_POST['delete'])) { $reason = escape_markup_modifiers($_POST['reason']); markup($reason); - if (strlen($reason) > 30) { + if (mb_strlen($reason) > $config['report_max_length']) { error($config['error']['toolongreport']); }
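Review bot: The comment added for `$config['report_max_length']` in inc/config.php does not say which values are valid, although post.php uses the option as the right-hand side of a bare `>` comparison. A value such as `false`, a natural guess for "no limit", would make that comparison true for every non-empty reason, so every report would be refused. I would state the contract in the comment, e.g. `// Maximum number of characters per report reason. Must be a positive integer; there is no "unlimited" value.`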
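Review bot: In the post.php hunk, `mb_strlen($reason)` is called without an encoding argument, so the count depends on the mbstring internal encoding in effect at runtime. If that is not UTF-8, multi-byte text is measured differently from what the "characters per report" comment promises. Unless the application pins the internal encoding elsewhere (not visible in this hunk), pass it explicitly: `if (mb_strlen($reason, 'UTF-8') > $config['report_max_length']) {`. The enclosing block continues outside the hunk.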