From b4ff535128e6c169d2b4966e6227faa511780621 Mon Sep 17 00:00:00 2001 From: undido Date: Tue, 16 Apr 2013 19:09:58 -0300 Subject: [PATCH 1/2] update to pages.php minor exploit A lot of bans can be removed from a tinyboard database because it isn't limited A staff member could select 100 users all at once with a simple javascript function and unban them all this needs to be limited because a staff member on an image board if they feel hostile they can just remove all bans on the tinyboard site easily without being limited to how many people they can unban at a time, this adds an option to limit it. --- inc/mod/pages.php | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/inc/mod/pages.php b/inc/mod/pages.php index 5d736a1a..6a780474 100644 --- a/inc/mod/pages.php +++ b/inc/mod/pages.php @@ -651,7 +651,8 @@ function mod_bans($page_no = 1) { if (preg_match('/^ban_(\d+)$/', $name, $match)) $unban[] = $match[1]; } - + if (isset($config['mod']['unban_limit'])){ + if (count($unban) <= $config['mod']['unban_limit'] || $config['mod']['unban_limit'] == -1){ if (!empty($unban)) { query('DELETE FROM `bans` WHERE `id` = ' . implode(' OR `id` = ', $unban)) or error(db_error()); @@ -659,7 +660,21 @@ function mod_bans($page_no = 1) { modLog("Removed ban #{$id}"); } } + } else { + error(sprintf($config['error']['toomanyunban'], $config['mod']['unban_limit'], count($unban) )); + } + } else { + + if (!empty($unban)) { + query('DELETE FROM `bans` WHERE `id` = ' . implode(' OR `id` = ', $unban)) or error(db_error()); + + foreach ($unban as $id) { + modLog("Removed ban #{$id}"); + } + } + + } header('Location: ?/bans', true, $config['redirect_http']); } From 83401b3a68b4031b4e3c33230acf0d99df7e45fe Mon Sep 17 00:00:00 2001 From: undido Date: Tue, 16 Apr 2013 19:14:51 -0300 Subject: [PATCH 2/2] update config.php config for unban limit Adding config and error for unban list when a user tries to unban more users than they are allowed too. --- inc/config.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/inc/config.php b/inc/config.php index 8eed50fa..900d540a 100644 --- a/inc/config.php +++ b/inc/config.php @@ -686,6 +686,7 @@ $config['error']['captcha'] = _('You seem to have mistyped the verification.'); // Moderator errors + $config['error']['toomanyunban'] = _('You are only allowed to unban %s users at a time. You tried to unban %u users.'); $config['error']['invalid'] = _('Invalid username and/or password.'); $config['error']['notamod'] = _('You are not a mod…'); $config['error']['invalidafter'] = _('Invalid username and/or password. Your user may have been deleted or changed.'); @@ -768,6 +769,9 @@ * Mod settings * ==================== */ + + // Limit how many bans can be removed via the ban list. (Set too -1 to remove limit.) + $config['mod']['unban_limit'] = 5; // Whether or not to lock moderator sessions to the IP address that was logged in with. $config['mod']['lock_ip'] = true;