1
0
mirror of https://github.com/vichan-devel/vichan.git synced 2024-11-23 23:20:57 +01:00

[SECURITY] Lessen security impact

post.php: misc fixes
This commit is contained in:
czaks 2017-05-17 14:03:48 -04:00
parent 37eaea6312
commit 736e982945
2 changed files with 7 additions and 7 deletions

View File

@ -94,10 +94,10 @@ $pages = array(
'/config/(\%b)' => 'secure_POST config', // config editor
// these pages aren't listed in the dashboard without $config['debug']
'/debug/antispam' => 'debug_antispam',
'/debug/recent' => 'debug_recent_posts',
'/debug/apc' => 'debug_apc',
'/debug/sql' => 'secure_POST debug_sql',
//'/debug/antispam' => 'debug_antispam',
//'/debug/recent' => 'debug_recent_posts',
//'/debug/apc' => 'debug_apc',
//'/debug/sql' => 'secure_POST debug_sql',
// This should always be at the end:
'/(\%b)/' => 'view_board',

View File

@ -210,7 +210,7 @@ if (isset($_POST['delete'])) {
error($config['error']['nodelete']);
foreach ($delete as &$id) {
$query = prepare(sprintf("SELECT `thread`, `time`,`password` FROM ``posts_%s`` WHERE `id` = :id", $board['uri']));
$query = prepare(sprintf("SELECT `id`,`thread`,`time`,`password` FROM ``posts_%s`` WHERE `id` = :id", $board['uri']));
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
@ -240,7 +240,7 @@ if (isset($_POST['delete'])) {
deletePost($id);
modLog("User deleted his own post #$id");
}
_syslog(LOG_INFO, 'Deleted post: ' .
'/' . $board['dir'] . $config['dir']['res'] . link_for($post) . ($post['thread'] ? '#' . $id : '')
);
@ -318,7 +318,7 @@ if (isset($_POST['delete'])) {
$post = $query->fetch(PDO::FETCH_ASSOC);
$error = event('report', array('ip' => $_SERVER['REMOTE_ADDR'], 'board' => $board['uri'], 'post' => $post, 'reason' => $reason));
$error = event('report', array('ip' => $_SERVER['REMOTE_ADDR'], 'board' => $board['uri'], 'post' => $post, 'reason' => $reason, 'link' => link_for($post)));
if ($error) {
error($error);