1
0
mirror of https://github.com/vichan-devel/vichan.git synced 2024-12-18 02:16:03 +01:00

Merge pull request #600 from vichan-devel/revert-597-remove_telegram

Temporarily Revert "Remove telegrams" due to critical bug with posting
This commit is contained in:
RealAngeleno 2023-07-15 23:09:12 -07:00 committed by GitHub
commit ab2d29c8d1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 192 additions and 0 deletions

View File

@ -1635,6 +1635,12 @@
$config['mod']['create_notes'] = $config['mod']['view_notes']; $config['mod']['create_notes'] = $config['mod']['view_notes'];
// Remote notes // Remote notes
$config['mod']['remove_notes'] = ADMIN; $config['mod']['remove_notes'] = ADMIN;
// View telegrams
$config['mod']['view_telegrams'] = JANITOR;
// Create telegrams
$config['mod']['create_telegrams'] = $config['mod']['view_telegrams'];
// Remove telegrams
$config['mod']['remove_telegrams'] = ADMIN;
// Create a new board // Create a new board
$config['mod']['newboard'] = ADMIN; $config['mod']['newboard'] = ADMIN;
// Manage existing boards (change title, etc) // Manage existing boards (change title, etc)

View File

@ -2287,6 +2287,8 @@ msgstr "usuń"
msgid "New note" msgid "New note"
msgstr "Nowa notka" msgstr "Nowa notka"
msgid "New telegram"
msgstr "Nowa depesza"
#. line 94 #. line 94
#. line 7 #. line 7

View File

@ -806,6 +806,25 @@ function mod_ip_remove_note($cloaked_ip, $id) {
header('Location: ?/IP/' . $cloaked_ip . '#notes', true, $config['redirect_http']); header('Location: ?/IP/' . $cloaked_ip . '#notes', true, $config['redirect_http']);
} }
function mod_ip_remove_telegram($cloaked_ip, $id) {
$ip = uncloak_ip($cloaked_ip);
global $config, $mod;
if (!hasPermission($config['mod']['remove_telegrams']))
error($config['error']['noaccess']);
if (filter_var($ip, FILTER_VALIDATE_IP) === false)
error("Invalid IP address.");
$query = prepare('DELETE FROM ``telegrams`` WHERE `ip` = :ip AND `id` = :id');
$query->bindValue(':ip', $ip);
$query->bindValue(':id', $id);
$query->execute() or error(db_error($query));
modLog("Removed a telegram for <a href=\"?/IP/{$cloaked_ip}\">{$cloaked_ip}</a>");
header('Location: ?/IP/' . $cloaked_ip . '#telegrams', true, $config['redirect_http']);
}
function mod_page_ip($cip) { function mod_page_ip($cip) {
@ -852,6 +871,24 @@ function mod_page_ip($cip) {
return; return;
} }
if (isset($_POST['telegram'])) {
if (!hasPermission($config['mod']['create_telegrams']))
error($config['error']['noaccess']);
$_POST['telegram'] = escape_markup_modifiers($_POST['telegram']);
markup($_POST['telegram']);
$query = prepare('INSERT INTO ``telegrams`` VALUES (NULL, :mod_id, :ip, :message, 0, :created_at)');
$query->bindValue(':ip', $ip);
$query->bindValue(':mod_id', $mod['id']);
$query->bindValue(':created_at', time());
$query->bindValue(':message', $_POST['telegram']);
$query->execute() or error(db_error($query));
modLog("Added a telegram for <a href=\"?/IP/{$cip}\">{$cip}</a>");
header('Location: ?/IP/' . $cip . '#telegrams', true, $config['redirect_http']);
return;
}
$args = array(); $args = array();
$args['ip'] = $ip; $args['ip'] = $ip;
@ -897,6 +934,13 @@ function mod_page_ip($cip) {
$args['notes'] = $query->fetchAll(PDO::FETCH_ASSOC); $args['notes'] = $query->fetchAll(PDO::FETCH_ASSOC);
} }
if (hasPermission($config['mod']['view_telegrams'])) {
$query = prepare("SELECT ``telegrams``.*, `username` FROM ``telegrams`` LEFT JOIN ``mods`` ON `mod_id` = ``mods``.`id` WHERE `ip` = :ip ORDER BY `created_at` DESC");
$query->bindValue(':ip', $ip);
$query->execute() or error(db_error($query));
$args['telegrams'] = $query->fetchAll(PDO::FETCH_ASSOC);
}
if (hasPermission($config['mod']['modlog_ip'])) { if (hasPermission($config['mod']['modlog_ip'])) {
$query = prepare("SELECT `username`, `mod`, `ip`, `board`, `time`, `text` FROM ``modlogs`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE `text` LIKE :search ORDER BY `time` DESC LIMIT 50"); $query = prepare("SELECT `username`, `mod`, `ip`, `board`, `time`, `text` FROM ``modlogs`` LEFT JOIN ``mods`` ON `mod` = ``mods``.`id` WHERE `text` LIKE :search ORDER BY `time` DESC LIMIT 50");
$query->bindValue(':search', '%' . $cip . '%'); $query->bindValue(':search', '%' . $cip . '%');

View File

@ -346,6 +346,21 @@ CREATE TABLE IF NOT EXISTS `captchas` (
PRIMARY KEY (`cookie`,`extra`) PRIMARY KEY (`cookie`,`extra`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4; ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4;
-- --------------------------------------------------------
--
-- Table structure for table `telegrams`
--
CREATE TABLE IF NOT EXISTS `telegrams` (
`id` int(11) unsigned NOT NULL AUTO_INCREMENT,
`mod_id` int(11) unsigned NOT NULL,
`ip` varchar(39) CHARACTER SET ascii NOT NULL,
`message` text NOT NULL,
`seen` tinyint(1) NOT NULL DEFAULT FALSE,
`created_at` INT(11),
PRIMARY KEY(`id`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;

View File

@ -59,6 +59,7 @@ $pages = array(
'/IP/([\w.:]+)' => 'secure_POST ip', // view ip address '/IP/([\w.:]+)' => 'secure_POST ip', // view ip address
'/IP/([\w.:]+)/remove_note/(\d+)' => 'secure ip_remove_note', // remove note from ip address '/IP/([\w.:]+)/remove_note/(\d+)' => 'secure ip_remove_note', // remove note from ip address
'/IP/([\w.:-]+)/remove_telegram/(\d+)' => 'secure ip_remove_telegram', // remove telegram from ip address
'/ban' => 'secure_POST ban', // new ban '/ban' => 'secure_POST ban', // new ban
'/bans' => 'secure_POST bans', // ban list '/bans' => 'secure_POST bans', // ban list

View File

@ -1216,6 +1216,27 @@ if (isset($_POST['delete'])) {
if (!$post['mod']) header('X-Associated-Content: "' . $redirect . '"'); if (!$post['mod']) header('X-Associated-Content: "' . $redirect . '"');
// Any telegrams to show?
$query = prepare('SELECT * FROM ``telegrams`` WHERE ``ip`` = :ip AND ``seen`` = 0');
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR']);
$query->execute() or error(db_error($query));
$telegrams = $query->fetchAll(PDO::FETCH_ASSOC);
if (count($telegrams) > 0)
goto skip_redirect;
if (!isset($_POST['json_response'])) {
header('Location: ' . $redirect, true, $config['redirect_http']);
} else {
header('Content-Type: text/json; charset=utf-8');
echo json_encode(array(
'redirect' => $redirect,
'noko' => $noko,
'id' => $id
));
}
skip_redirect:
if ($config['try_smarter'] && $post['op']) if ($config['try_smarter'] && $post['op'])
$build_pages = range(1, $config['max_pages']); $build_pages = range(1, $config['max_pages']);
@ -1227,6 +1248,20 @@ if (isset($_POST['delete'])) {
buildIndex(); buildIndex();
if (count($telegrams) > 0) {
$ids = implode(', ', array_map(function($x) { return (int)$x['id']; }, $telegrams));
query("UPDATE ``telegrams`` SET ``seen`` = 1 WHERE ``id`` IN({$ids})") or error(db_error());
die(Element('page.html', array(
'title' => _('Important message from Moderation'),
'config' => $config,
'body' => Element('important.html', array(
'config' => $config,
'redirect' => $redirect,
'telegrams' => $telegrams,
))
)));
}
// We are already done, let's continue our heavy-lifting work in the background (if we run off FastCGI) // We are already done, let's continue our heavy-lifting work in the background (if we run off FastCGI)
if (function_exists('fastcgi_finish_request')) if (function_exists('fastcgi_finish_request'))
@fastcgi_finish_request(); @fastcgi_finish_request();

12
templates/important.html Normal file
View File

@ -0,0 +1,12 @@
<div class="ban">
{% for telegram in telegrams %}
<div style="padding: 10px;">
<cite><time datetime="{{ telegram.created_at|date('%Y-%m-%dT%H:%M:%S') }}{{ timezone() }}">{{ post.time|date(config.post_date) }}</time></cite>
<p>{{ telegram.message }}</p>
</div>
<hr>
{% endfor %}
<div style="padding:20px;text-align:center;">
<a href="{{ redirect }}">{%trans 'Return' %}</a>
</div>
</div>

View File

@ -81,6 +81,83 @@
</fieldset> </fieldset>
{% endif %} {% endif %}
{% if mod|hasPermission(config.mod.view_telegrams) %}
<fieldset id="telegrams">
<legend>
{% set telegrams_length = telegrams|length %}
<legend>{{ telegrams_length }} {% trans %}telegram on record{% plural notes_length %}telegrams on record{% endtrans %}</legend>
</legend>
{% if telegrams|length > 0 %}
<table class="modlog">
<tr>
<th>{% trans 'Staff' %}</th>
<th>{% trans 'Message' %}</th>
<th>{% trans 'Date' %}</th>
<th class="minimal">{% trans 'Seen' %}</th>
{% if mod|hasPermission(config.mod.remove_telegrams) %}
<th>{% trans 'Actions' %}</th>
{% endif %}
</tr>
{% for telegram in telegrams %}
<tr>
<td class="minimal">
{% if telegram.username %}
<a href="?/new_PM/{{ telegram.username|e }}">{{ telegram.username|e }}</a>
{% else %}
<em>{% trans 'deleted?' %}</em>
{% endif %}
</td>
<td>
{{ telegram.message }}
</td>
<td class="minimal">
{{ telegram.created_at|date(config.post_date) }}
</td>
<td>
{% if telegram.seen %}
{% trans 'Yes' %}
{% else %}
{% trans 'No' %}
{% endif %}
</td>
{% if mod|hasPermission(config.mod.remove_telegrams) %}
<td class="minimal">
<a href="?/IP/{{ ip|cloak_ip|url_encode(true) }}/remove_telegram/{{ telegram.id }}">
<small>[{% trans 'remove' %}]</small>
</a>
</td>
{% endif %}
</tr>
{% endfor %}
</table>
{% endif %}
{% if mod|hasPermission(config.mod.create_telegrams) %}
<form action="" method="post" style="margin:0">
<input type="hidden" name="token" value="{{ security_token }}">
<table>
<tr>
<th>{% trans 'Staff' %}</th>
<td>{{ mod.username|e }}</td>
</tr>
<tr>
<th>
<label for="telegram">{% trans 'Message' %}</label>
</th>
<td>
<textarea id="telegram" name="telegram" rows="5" cols="30"></textarea>
</td>
</tr>
<tr>
<td></td>
<td><input type="submit" value="{% trans 'New telegram' %}"></td>
</tr>
</table>
</form>
{% endif %}
</fieldset>
{% endif %}
{% if bans|length > 0 and mod|hasPermission(config.mod.view_ban) %} {% if bans|length > 0 and mod|hasPermission(config.mod.view_ban) %}
<fieldset id="bans"> <fieldset id="bans">