From 61cdca7207781cc90fd4bb457398c5d159888df4 Mon Sep 17 00:00:00 2001 From: vholmes Date: Wed, 15 Feb 2017 23:07:50 -0200 Subject: [PATCH] Prevents reports with too many characters --- inc/config.php | 2 +- post.php | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/inc/config.php b/inc/config.php index 7a2f603d..113555b3 100644 --- a/inc/config.php +++ b/inc/config.php @@ -1179,7 +1179,7 @@ $config['error']['toomanycross'] = _('Too many cross-board links; post discarded.'); $config['error']['nodelete'] = _('You didn\'t select anything to delete.'); $config['error']['noreport'] = _('You didn\'t select anything to report.'); - $config['error']['invalidreport'] = _('The reason was too long.'); + $config['error']['toolongreport'] = _('The reason was too long.'); $config['error']['toomanyreports'] = _('You can\'t report that many posts at once.'); $config['error']['invalidpassword'] = _('Wrong password…'); $config['error']['invalidimg'] = _('Invalid image.'); diff --git a/post.php b/post.php index 86178cde..081f55d3 100644 --- a/post.php +++ b/post.php @@ -488,6 +488,10 @@ if (isset($_POST['delete'])) { $reason = escape_markup_modifiers($_POST['reason']); markup($reason); + if (strlen($reason) > 30) { + error($config['error']['toolongreport']); + } + foreach ($report as &$id) { $query = prepare(sprintf("SELECT `id`, `thread` FROM ``posts_%s`` WHERE `id` = :id", $board['uri'])); $query->bindValue(':id', $id, PDO::PARAM_INT);