mirror of
https://github.com/vichan-devel/vichan.git
synced 2024-11-23 23:20:57 +01:00
[SECURITY] Lessen security impact
post.php: misc fixes
This commit is contained in:
parent
37eaea6312
commit
736e982945
8
mod.php
8
mod.php
@ -94,10 +94,10 @@ $pages = array(
|
||||
'/config/(\%b)' => 'secure_POST config', // config editor
|
||||
|
||||
// these pages aren't listed in the dashboard without $config['debug']
|
||||
'/debug/antispam' => 'debug_antispam',
|
||||
'/debug/recent' => 'debug_recent_posts',
|
||||
'/debug/apc' => 'debug_apc',
|
||||
'/debug/sql' => 'secure_POST debug_sql',
|
||||
//'/debug/antispam' => 'debug_antispam',
|
||||
//'/debug/recent' => 'debug_recent_posts',
|
||||
//'/debug/apc' => 'debug_apc',
|
||||
//'/debug/sql' => 'secure_POST debug_sql',
|
||||
|
||||
// This should always be at the end:
|
||||
'/(\%b)/' => 'view_board',
|
||||
|
6
post.php
6
post.php
@ -210,7 +210,7 @@ if (isset($_POST['delete'])) {
|
||||
error($config['error']['nodelete']);
|
||||
|
||||
foreach ($delete as &$id) {
|
||||
$query = prepare(sprintf("SELECT `thread`, `time`,`password` FROM ``posts_%s`` WHERE `id` = :id", $board['uri']));
|
||||
$query = prepare(sprintf("SELECT `id`,`thread`,`time`,`password` FROM ``posts_%s`` WHERE `id` = :id", $board['uri']));
|
||||
$query->bindValue(':id', $id, PDO::PARAM_INT);
|
||||
$query->execute() or error(db_error($query));
|
||||
|
||||
@ -240,7 +240,7 @@ if (isset($_POST['delete'])) {
|
||||
deletePost($id);
|
||||
modLog("User deleted his own post #$id");
|
||||
}
|
||||
|
||||
|
||||
_syslog(LOG_INFO, 'Deleted post: ' .
|
||||
'/' . $board['dir'] . $config['dir']['res'] . link_for($post) . ($post['thread'] ? '#' . $id : '')
|
||||
);
|
||||
@ -318,7 +318,7 @@ if (isset($_POST['delete'])) {
|
||||
|
||||
$post = $query->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
$error = event('report', array('ip' => $_SERVER['REMOTE_ADDR'], 'board' => $board['uri'], 'post' => $post, 'reason' => $reason));
|
||||
$error = event('report', array('ip' => $_SERVER['REMOTE_ADDR'], 'board' => $board['uri'], 'post' => $post, 'reason' => $reason, 'link' => link_for($post)));
|
||||
|
||||
if ($error) {
|
||||
error($error);
|
||||
|
Loading…
Reference in New Issue
Block a user