perdedora/leftypol
1
0
Fork 0
forked from leftypol/leftypol
Code Pull requests Activity

Add source IP to ban_appeals table

Browse source
This commit is contained in:
Zankaria 2024-03-15 14:34:17 +01:00
parent c696ad4fa2
commit 7e3a531aa5
3 changed files with 8 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

10
post.php
View file

@ -170,10 +170,11 @@ function db_insert_report($ip, $board, $post_id, $reason)
* @param string $appeal_message Appeal message.
* @return void
*/
function db_insert_ban_appeal($ban_id, $appeal_message)
function db_insert_ban_appeal($ban_id, $source_ip, $appeal_message)
{
$query = prepare("INSERT INTO ``ban_appeals`` VALUES (NULL, :ban_id, :time, :message, 0)");
$query = prepare("INSERT INTO ``ban_appeals`` VALUES (NULL, :ban_id, :source_ip, :time, :message, 0)");
$query->bindValue(':ban_id', $ban_id, PDO::PARAM_INT);
$query->bindValue(':source_ip', $source_ip);
$query->bindValue(':time', time(), PDO::PARAM_INT);
$query->bindValue(':message', $appeal_message);
$query->execute() or error(db_error($query));
@ -1659,7 +1660,8 @@ function handle_appeal()
// Doubles as sanitization against SQL injection.
$ban_id = (int) $_POST['ban_id'];
$bans = Bans::find($_SERVER['REMOTE_ADDR']);
$source_ip = $_SERVER['REMOTE_ADDR'];
$bans = Bans::find($source_ip);
foreach ($bans as $_ban) {
if ($_ban['id'] == $ban_id) {
$ban = $_ban;
@ -1693,7 +1695,7 @@ function handle_appeal()
// Sanitize away eventual Cross Site Scripting funkyness.
$appeal_msg = htmlspecialchars($_POST['appeal']);
db_insert_ban_appeal($ban_id, $appeal_msg);
db_insert_ban_appeal($ban_id, $source_ip, $appeal_msg);
displayBan($ban);
}