From e80549a8816f1a01cf150a05017d9ee81e5e31d0 Mon Sep 17 00:00:00 2001
From: discomrade
Date: Sat, 24 Jul 2021 10:47:56 -0200
Subject: [PATCH] Enforce maximum length of ban appeal
---
 inc/config.php | 8 ++++++++
 post.php | 15 ++++++++++-----
 templates/banned.html | 2 +-
 3 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/inc/config.php b/inc/config.php
index 7a2f603d..b44b082c 100644
--- a/inc/config.php
+++ b/inc/config.php
@@ -699,6 +699,9 @@
 // How many ban appeals can be made for a single ban?
 $config['ban_appeals_max'] = 1;
+ // Maximum character length of appeal.
+ $config['ban_appeal_max_chars'] = 250;
+
 // Show moderator name on ban page.
 $config['show_modname'] = false;
@@ -1181,6 +1184,11 @@
 $config['error']['noreport'] = _('You didn\'t select anything to report.');
 $config['error']['invalidreport'] = _('The reason was too long.');
 $config['error']['toomanyreports'] = _('You can\'t report that many posts at once.');
+ $config['error']['noban'] = _('That ban doesn\'t exist or is not for you.');
+ $config['error']['tooshortban'] = _('You cannot appeal a ban of this length.');
+ $config['error']['toolongappeal'] = _('The appeal was too long.');
+ $config['error']['toomanyappeals'] = _('You cannot appeal this ban again.');
+ $config['error']['pendingappeal'] = _('There is already a pending appeal for this ban.');
 $config['error']['invalidpassword'] = _('Wrong password…');
 $config['error']['invalidimg'] = _('Invalid image.');
 $config['error']['phpfileserror'] = _('Upload failure (file #%index%): Error code %code%. Refer to http://php.net/manual/en/features.file-upload.errors.php; post discarded.');
diff --git a/post.php b/post.php
index 86178cde..bf3a5b13 100644
--- a/post.php
+++ b/post.php
@@ -1367,23 +1367,28 @@ if (isset($_POST['delete'])) {
 }
 if (!isset($ban)) {
- error(_("That ban doesn't exist or is not for you."));
+ error($config['error']['noban']);
 }
 if ($ban['expires'] && $ban['expires'] - $ban['created'] <= $config['ban_appeals_min_length']) {
- error(_("You cannot appeal a ban of this length."));
+ error($config['error']['tooshortban']);
 }
 $query = query("SELECT `denied` FROM ``ban_appeals`` WHERE `ban_id` = $ban_id") or error(db_error());
 $ban_appeals = $query->fetchAll(PDO::FETCH_COLUMN);
 if (count($ban_appeals) >= $config['ban_appeals_max']) {
- error(_("You cannot appeal this ban again."));
+ error($config['error']['toomanyappeals']);
 }
 foreach ($ban_appeals as $is_denied) {
- if (!$is_denied)
- error(_("There is already a pending appeal for this ban."));
+ if (!$is_denied) {
+ error($config['error']['pendingappeal']);
+ }
+ }
+
+ if (strlen($_POST['appeal']) > $config['ban_appeal_max_chars']) {
+ error($config['error']['toolongappeal']);
 }
 $query = prepare("INSERT INTO ``ban_appeals`` VALUES (NULL, :ban_id, :time, :message, 0)");
diff --git a/templates/banned.html b/templates/banned.html
index eb8f0d9f..73d2d15b 100644
--- a/templates/banned.html
+++ b/templates/banned.html
@@ -135,7 +135,7 @@ {% endif %}
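Review bot: The new length check in post.php, `strlen($_POST['appeal']) > $config['ban_appeal_max_chars']`, counts bytes, while the comment added in inc/config.php describes the limit as a character length, so a UTF-8 appeal written in a multi-byte script is rejected well short of 250 characters. The check also assumes `$_POST['appeal']` is a string: unless the type is validated outside this hunk, a request that submits the field as an array makes `strlen()` throw a TypeError on PHP 8 instead of returning the configured error. Consider `if (!is_string($_POST['appeal']) || mb_strlen($_POST['appeal']) > $config['ban_appeal_max_chars']) {`, and running it before the `ban_appeals` SELECT so oversized input is rejected without a database round trip. The enclosing appeal-handling block starts and ends outside the hunk.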
- +
{% endif %}