perdedora/leftypol
1
0
Fork 0
forked from leftypol/leftypol
Code Pull requests Activity

Merge pull request 'Trim ban parameters' (#147) from trim-ban-args into config

Browse source 
Reviewed-on: leftypol/leftypol#147
This commit is contained in:
Zankaria 2025-08-22 18:13:51 -05:00
commit 73b2bebe56
1 changed files with 55 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

73
inc/mod/pages.php
View file

@ -19,6 +19,16 @@ function _link_or_copy_factory(Context $ctx): callable {
};
}
function _trim_str_param(array $arr, string $key): ?string {
if (isset($arr[$key])) {
$trimmed = \trim($arr[$key]);
if (!empty($trimmed)) {
return $trimmed;
}
}
return null;
}
function mod_page($title, $template, $args, $subtitle = false) {
global $config, $mod;
@ -1113,14 +1123,19 @@ function mod_ban(Context $ctx) {
if (!hasPermission($config['mod']['ban']))
error($config['error']['noaccess']);
if (!isset($_POST['ip'], $_POST['reason'], $_POST['length'], $_POST['board'])) {
$ip = _trim_str_param($_POST, 'ip' );
$reason = _trim_str_param($_POST, 'reason');
$length = _trim_str_param($_POST, 'length');
$board = _trim_str_param($_POST, 'board');
if (!isset($ip, $reason, $length, $board)) {
mod_page(_('New ban'), 'mod/ban_form.html', array('token' => make_secure_link_token('ban')));
return;
}
require_once 'inc/mod/ban.php';
Bans::new_ban($_POST['ip'], $_POST['reason'], $_POST['length'], $_POST['board'] == '*' ? false : $_POST['board']);
Bans::new_ban($ip, $reason, $length, $board == '*' ? false : $board);
if (isset($_POST['redirect']))
header('Location: ' . $_POST['redirect'], true, $config['redirect_http']);
@ -1967,25 +1982,41 @@ function mod_ban_post(Context $ctx, $board, $delete, $post, $token = false) {
if (isset($_POST['new_ban'], $_POST['reason'], $_POST['length'], $_POST['board'])) {
require_once 'inc/mod/ban.php';
if (isset($_POST['ip']))
$ip = $_POST['ip'];
if (isset($_POST['ip'])) {
$ip_trim = \trim($_POST['ip']);
if (!empty($ip_trim)) {
$ip = $ip_trim;
}
}
Bans::new_ban($_POST['ip'], $_POST['reason'], $_POST['length'], $_POST['board'] == '*' ? false : $_POST['board'],
$target_ip = \trim($_POST['ip']);
$reason = \trim($_POST['reason']);
$length = \trim($_POST['length']);
$target_board = \trim($_POST['board']);
Bans::new_ban($target_ip, $reason, $length, $target_board == '*' ? false : $target_board,
false, $config['ban_show_post'] ? $_post : false);
if (isset($_POST['public_message'], $_POST['message'])) {
$message = _trim_str_param($_POST, 'message');
$public_message = _trim_str_param($_POST, 'public_message');
if (isset($public_message, $message)) {
// public ban message
$length_english = Bans::parse_time($_POST['length']) ? 'for ' . until(Bans::parse_time($_POST['length'])) : 'permanently';
$_POST['message'] = preg_replace('/[\r\n]/', '', $_POST['message']);
$_POST['message'] = str_replace('%length%', $length_english, $_POST['message']);
$_POST['message'] = str_replace('%LENGTH%', strtoupper($length_english), $_POST['message']);
$length_parsed = Bans::parse_time($length);
$length_english = $length_parsed ? 'for ' . until($length_parsed) : 'permanently';
$message = \trim($_POST['message']);
$message = \preg_replace('/[\r\n]/', '', $message);
$message = \str_replace('%length%', $length_english, $message);
$message = \str_replace('%LENGTH%', \strtoupper($length_english), $message);
$query = prepare(sprintf('UPDATE ``posts_%s`` SET `body_nomarkup` = CONCAT(`body_nomarkup`, :body_nomarkup) WHERE `id` = :id', $board));
$query->bindValue(':id', $post);
$query->bindValue(':body_nomarkup', sprintf("\n<tinyboard ban message>%s</tinyboard>", utf8tohtml($_POST['message'])));
$query->bindValue(':body_nomarkup', sprintf("\n<tinyboard ban message>%s</tinyboard>", utf8tohtml($message)));
$query->execute() or error(db_error($query));
rebuildPost($post);
modLog("Attached a public ban message to post #{$post}: " . utf8tohtml($_POST['message']));
modLog("Attached a public ban message to post #{$post}: " . utf8tohtml($message));
buildThread($thread ? $thread : $post);
buildIndex();
} elseif (isset($_POST['delete']) && (int) $_POST['delete']) {
@ -2083,19 +2114,25 @@ function mod_warning_post(Context $ctx, $board, $post, $token = false) {
$ip = $_post['ip'];
if (isset($_POST['new_warning'])) {
if (isset($_POST['ip']))
$ip = $_POST['ip'];
if (isset($_POST['ip'])) {
$ip_trim = \trim($_POST['ip']);
if (!empty($ip_trim)) {
$ip = $ip_trim;
}
}
if (isset($_POST['public_message'], $_POST['message'])) {
$message = _trim_str_param($_POST, 'message');
$public_message = _trim_str_param($_POST, 'public_message');
if (isset($public_message, $message)) {
// public warning message
$_POST['message'] = preg_replace('/[\r\n]/', '', $_POST['message']);
$query = prepare(sprintf('UPDATE ``posts_%s`` SET `body_nomarkup` = CONCAT(`body_nomarkup`, :body_nomarkup) WHERE `id` = :id', $board));
$query->bindValue(':id', $post);
$query->bindValue(':body_nomarkup', sprintf("\n<tinyboard warning message>%s</tinyboard>", utf8tohtml($_POST['message'])));
$query->bindValue(':body_nomarkup', sprintf("\n<tinyboard warning message>%s</tinyboard>", utf8tohtml($message)));
$query->execute() or error(db_error($query));
rebuildPost($post);
modLog("Attached a public warning message to post #{$post}: " . utf8tohtml($_POST['message']));
modLog("Attached a public warning message to post #{$post}: " . utf8tohtml($message));
buildThread($thread ? $thread : $post);
buildIndex();