From 6f0dc29d03322a76cf265d79088852ba4aba7d78 Mon Sep 17 00:00:00 2001 From: 8chan Admin Date: Fri, 25 Oct 2013 01:20:23 +0000 Subject: [PATCH] Don't show users boards they can't control --- inc/bans.php | 18 ++++++++++++------ inc/mod/pages.php | 10 ++++++---- templates/mod/ban_form.html | 6 +++++- templates/mod/dashboard.html | 5 +++++ 4 files changed, 28 insertions(+), 11 deletions(-) diff --git a/inc/bans.php b/inc/bans.php index e7b219bb..fbf341c6 100644 --- a/inc/bans.php +++ b/inc/bans.php @@ -154,13 +154,17 @@ class Bans { return $ban_list; } - static public function list_all($offset = 0, $limit = 9001) { + static public function list_all($offset = 0, $limit = 9001, $board = false) { $offset = (int)$offset; $limit = (int)$limit; - $query = query("SELECT ``bans``.*, `username` FROM ``bans`` - LEFT JOIN ``mods`` ON ``mods``.`id` = `creator` - ORDER BY `created` DESC LIMIT $offset, $limit") or error(db_error()); + $query = prepare("SELECT ``bans``.*, `username` FROM ``bans`` + LEFT JOIN ``mods`` ON ``mods``.`id` = `creator`" . ($board ? ' WHERE ``bans``.`board` = :board' : '') . " + ORDER BY `created` DESC LIMIT $offset, $limit"); + if ($board) + $query->bindValue(':board', $board); + + $query->execute() or error(db_error()); $bans = $query->fetchAll(PDO::FETCH_ASSOC); foreach ($bans as &$ban) { @@ -170,8 +174,10 @@ class Bans { return $bans; } - static public function count() { - $query = query("SELECT COUNT(*) FROM ``bans``") or error(db_error()); + static public function count($board = false) { + $query = prepare("SELECT COUNT(*) FROM ``bans`` WHERE `board` = :board"); + $query->bindValue(':board', $board); + $query->execute() or error(db_error()); return (int)$query->fetchColumn(); } diff --git a/inc/mod/pages.php b/inc/mod/pages.php index e0646352..f28dfe27 100644 --- a/inc/mod/pages.php +++ b/inc/mod/pages.php 
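Review bot: The new `if ($board)` and `($board ? ... : '')` tests in `list_all` check truthiness, so any falsy value other than the `false` sentinel (`null`, `''`, or a board named `'0'`) drops the WHERE clause and returns bans for every board. Because this filter is what limits a board-restricted moderator's view, it should fail closed. Test the sentinel explicitly in both places, for example `if ($board !== false) $query->bindValue(':board', $board);`. The caller in `mod_bans` reads `$mod['boards'][0]`, which would presumably be null for an empty board list and so take the unfiltered path. The body of `list_all` continues past the end of this hunk.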
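Review bot: `count()` now always appends ``WHERE `board` = :board`` and binds `$board`, even when it is the default `false`, whereas `list_all` adds the clause conditionally. `mod_bans` passes `false` for a moderator whose first board is `'*'`, so the total is counted over rows matching the bound `false` instead of over all bans, and it will not agree with the list that `list_all` returns. Make the clause conditional in the same way as `list_all`: concatenate the WHERE fragment and call `bindValue(':board', $board)` only when `$board !== false`. The `Bans::count($board)` call added in `inc/mod/pages.php` depends on this.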
@@ -866,7 +866,7 @@ function mod_ban() { } function mod_bans($page_no = 1) { - global $config; + global $config, $mod; if ($page_no < 1) error($config['error']['404']); @@ -892,8 +892,10 @@ function mod_bans($page_no = 1) { header('Location: ?/bans', true, $config['redirect_http']); return; } - - $bans = Bans::list_all(($page_no - 1) * $config['mod']['banlist_page'], $config['mod']['banlist_page']); + + $board = ($mod['boards'][0] == '*' ? false : $mod['boards'][0]); + + $bans = Bans::list_all(($page_no - 1) * $config['mod']['banlist_page'], $config['mod']['banlist_page'], $board); if (empty($bans) && $page_no > 1) error($config['error']['404']); @@ -905,7 +907,7 @@ function mod_bans($page_no = 1) { mod_page(_('Ban list'), 'mod/ban_list.html', array( 'bans' => $bans, - 'count' => Bans::count(), + 'count' => Bans::count($board), 'token' => make_secure_link_token('bans') )); } diff --git a/templates/mod/ban_form.html b/templates/mod/ban_form.html index 6c7560ad..01cfc0a0 100644 --- a/templates/mod/ban_form.html +++ b/templates/mod/ban_form.html @@ -65,20 +65,24 @@ {% trans 'Board' %} diff --git a/templates/mod/dashboard.html b/templates/mod/dashboard.html index 052a326f..105f6376 100644 --- a/templates/mod/dashboard.html +++ b/templates/mod/dashboard.html @@ -1,3 +1,4 @@ +{{ mod.type }}
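Review bot: In the `mod_bans` hunk, `$mod['boards'][0]` is read without checking that the list is non-empty, and only the first entry is used, so a moderator assigned to several boards sees bans for just one of them. The comparison `== '*'` is also loose; `=== '*'` avoids type juggling. Consider rejecting an empty list with an error before calling `Bans::list_all`, and passing the whole board list so the query can filter on all of them. The unban handling earlier in `mod_bans` lies outside this hunk; if it removes bans by id without comparing the ban's board to `$mod['boards']`, filtering the list alone does not prevent a board-limited moderator from lifting bans on other boards, so that path is worth confirming.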
{% trans 'Boards' %} @@ -16,6 +17,10 @@ {{ board.subtitle|e }} {% endif %} + + {% endif %} + {% if mod.type == "20" %} + [{% trans 'settings' %}] {% endif %} {% if mod|hasPermission(config.mod.manageboards) %} [{% trans 'edit' %}]
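Review bot: The added first line `{{ mod.type }}` prints the moderator's numeric type at the top of the dashboard and looks like leftover debugging output, since nothing else in the hunk refers to it. It should be removed before merge. If it is meant to be displayed, give it a label and apply the `|e` filter as the neighbouring values do.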
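Review bot: `{% if mod.type == "20" %}` hard-codes a role number, while the next condition in the same block gates the edit link with `mod|hasPermission(config.mod.manageboards)`. A dedicated permission entry checked through `hasPermission` would keep the role mapping in config. Hiding the settings link is presentation only: the handler behind it still has to verify server-side that the moderator controls the board, and that handler is not part of this diff. The markup around the added `{% endif %}` is not fully visible here, so its nesting should be checked against the complete template.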