forked from leftypol/leftypol
pages.php: trim ban POST parameters
parent
88bb079d45
commit
9d5493989e
1 changed files with 55 additions and 18 deletions
|
|
@ -19,6 +19,16 @@ function _link_or_copy_factory(Context $ctx): callable {
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function _trim_str_param(array $arr, string $key): ?string {
|
||||||
|
if (isset($arr[$key])) {
|
||||||
|
$trimmed = \trim($arr[$key]);
|
||||||
|
if (!empty($trimmed)) {
|
||||||
|
return $trimmed;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
function mod_page($title, $template, $args, $subtitle = false) {
|
function mod_page($title, $template, $args, $subtitle = false) {
|
||||||
global $config, $mod;
|
global $config, $mod;
|
||||||
|
|
||||||
|
|
@ -1113,14 +1123,19 @@ function mod_ban(Context $ctx) {
|
||||||
if (!hasPermission($config['mod']['ban']))
|
if (!hasPermission($config['mod']['ban']))
|
||||||
error($config['error']['noaccess']);
|
error($config['error']['noaccess']);
|
||||||
|
|
||||||
if (!isset($_POST['ip'], $_POST['reason'], $_POST['length'], $_POST['board'])) {
|
$ip = _trim_str_param($_POST, 'ip' );
|
||||||
|
$reason = _trim_str_param($_POST, 'reason');
|
||||||
|
$length = _trim_str_param($_POST, 'length');
|
||||||
|
$board = _trim_str_param($_POST, 'board');
|
||||||
|
|
||||||
|
if (!isset($ip, $reason, $length, $board)) {
|
||||||
mod_page(_('New ban'), 'mod/ban_form.html', array('token' => make_secure_link_token('ban')));
|
mod_page(_('New ban'), 'mod/ban_form.html', array('token' => make_secure_link_token('ban')));
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
require_once 'inc/mod/ban.php';
|
require_once 'inc/mod/ban.php';
|
||||||
|
|
||||||
Bans::new_ban($_POST['ip'], $_POST['reason'], $_POST['length'], $_POST['board'] == '*' ? false : $_POST['board']);
|
Bans::new_ban($ip, $reason, $length, $board == '*' ? false : $board);
|
||||||
|
|
||||||
if (isset($_POST['redirect']))
|
if (isset($_POST['redirect']))
|
||||||
header('Location: ' . $_POST['redirect'], true, $config['redirect_http']);
|
header('Location: ' . $_POST['redirect'], true, $config['redirect_http']);
|
||||||
|
|
@ -1967,25 +1982,41 @@ function mod_ban_post(Context $ctx, $board, $delete, $post, $token = false) {
|
||||||
if (isset($_POST['new_ban'], $_POST['reason'], $_POST['length'], $_POST['board'])) {
|
if (isset($_POST['new_ban'], $_POST['reason'], $_POST['length'], $_POST['board'])) {
|
||||||
require_once 'inc/mod/ban.php';
|
require_once 'inc/mod/ban.php';
|
||||||
|
|
||||||
if (isset($_POST['ip']))
|
if (isset($_POST['ip'])) {
|
||||||
$ip = $_POST['ip'];
|
$ip_trim = \trim($_POST['ip']);
|
||||||
|
if (!empty($ip_trim)) {
|
||||||
|
$ip = $ip_trim;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
Bans::new_ban($_POST['ip'], $_POST['reason'], $_POST['length'], $_POST['board'] == '*' ? false : $_POST['board'],
|
$target_ip = \trim($_POST['ip']);
|
||||||
|
$reason = \trim($_POST['reason']);
|
||||||
|
$length = \trim($_POST['length']);
|
||||||
|
$target_board = \trim($_POST['board']);
|
||||||
|
|
||||||
|
Bans::new_ban($target_ip, $reason, $length, $target_board == '*' ? false : $target_board,
|
||||||
false, $config['ban_show_post'] ? $_post : false);
|
false, $config['ban_show_post'] ? $_post : false);
|
||||||
|
|
||||||
if (isset($_POST['public_message'], $_POST['message'])) {
|
$message = _trim_str_param($_POST, 'message');
|
||||||
|
$public_message = _trim_str_param($_POST, 'public_message');
|
||||||
|
|
||||||
|
if (isset($public_message, $message)) {
|
||||||
// public ban message
|
// public ban message
|
||||||
$length_english = Bans::parse_time($_POST['length']) ? 'for ' . until(Bans::parse_time($_POST['length'])) : 'permanently';
|
$length_parsed = Bans::parse_time($length);
|
||||||
$_POST['message'] = preg_replace('/[\r\n]/', '', $_POST['message']);
|
$length_english = $length_parsed ? 'for ' . until($length_parsed) : 'permanently';
|
||||||
$_POST['message'] = str_replace('%length%', $length_english, $_POST['message']);
|
|
||||||
$_POST['message'] = str_replace('%LENGTH%', strtoupper($length_english), $_POST['message']);
|
$message = \trim($_POST['message']);
|
||||||
|
$message = \preg_replace('/[\r\n]/', '', $message);
|
||||||
|
$message = \str_replace('%length%', $length_english, $message);
|
||||||
|
$message = \str_replace('%LENGTH%', \strtoupper($length_english), $message);
|
||||||
|
|
||||||
$query = prepare(sprintf('UPDATE ``posts_%s`` SET `body_nomarkup` = CONCAT(`body_nomarkup`, :body_nomarkup) WHERE `id` = :id', $board));
|
$query = prepare(sprintf('UPDATE ``posts_%s`` SET `body_nomarkup` = CONCAT(`body_nomarkup`, :body_nomarkup) WHERE `id` = :id', $board));
|
||||||
$query->bindValue(':id', $post);
|
$query->bindValue(':id', $post);
|
||||||
$query->bindValue(':body_nomarkup', sprintf("\n<tinyboard ban message>%s</tinyboard>", utf8tohtml($_POST['message'])));
|
$query->bindValue(':body_nomarkup', sprintf("\n<tinyboard ban message>%s</tinyboard>", utf8tohtml($message)));
|
||||||
$query->execute() or error(db_error($query));
|
$query->execute() or error(db_error($query));
|
||||||
rebuildPost($post);
|
rebuildPost($post);
|
||||||
|
|
||||||
modLog("Attached a public ban message to post #{$post}: " . utf8tohtml($_POST['message']));
|
modLog("Attached a public ban message to post #{$post}: " . utf8tohtml($message));
|
||||||
buildThread($thread ? $thread : $post);
|
buildThread($thread ? $thread : $post);
|
||||||
buildIndex();
|
buildIndex();
|
||||||
} elseif (isset($_POST['delete']) && (int) $_POST['delete']) {
|
} elseif (isset($_POST['delete']) && (int) $_POST['delete']) {
|
||||||
|
|
@ -2083,19 +2114,25 @@ function mod_warning_post(Context $ctx, $board, $post, $token = false) {
|
||||||
$ip = $_post['ip'];
|
$ip = $_post['ip'];
|
||||||
|
|
||||||
if (isset($_POST['new_warning'])) {
|
if (isset($_POST['new_warning'])) {
|
||||||
if (isset($_POST['ip']))
|
if (isset($_POST['ip'])) {
|
||||||
$ip = $_POST['ip'];
|
$ip_trim = \trim($_POST['ip']);
|
||||||
|
if (!empty($ip_trim)) {
|
||||||
|
$ip = $ip_trim;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (isset($_POST['public_message'], $_POST['message'])) {
|
$message = _trim_str_param($_POST, 'message');
|
||||||
|
$public_message = _trim_str_param($_POST, 'public_message');
|
||||||
|
|
||||||
|
if (isset($public_message, $message)) {
|
||||||
// public warning message
|
// public warning message
|
||||||
$_POST['message'] = preg_replace('/[\r\n]/', '', $_POST['message']);
|
|
||||||
$query = prepare(sprintf('UPDATE ``posts_%s`` SET `body_nomarkup` = CONCAT(`body_nomarkup`, :body_nomarkup) WHERE `id` = :id', $board));
|
$query = prepare(sprintf('UPDATE ``posts_%s`` SET `body_nomarkup` = CONCAT(`body_nomarkup`, :body_nomarkup) WHERE `id` = :id', $board));
|
||||||
$query->bindValue(':id', $post);
|
$query->bindValue(':id', $post);
|
||||||
$query->bindValue(':body_nomarkup', sprintf("\n<tinyboard warning message>%s</tinyboard>", utf8tohtml($_POST['message'])));
|
$query->bindValue(':body_nomarkup', sprintf("\n<tinyboard warning message>%s</tinyboard>", utf8tohtml($message)));
|
||||||
$query->execute() or error(db_error($query));
|
$query->execute() or error(db_error($query));
|
||||||
rebuildPost($post);
|
rebuildPost($post);
|
||||||
|
|
||||||
modLog("Attached a public warning message to post #{$post}: " . utf8tohtml($_POST['message']));
|
modLog("Attached a public warning message to post #{$post}: " . utf8tohtml($message));
|
||||||
buildThread($thread ? $thread : $post);
|
buildThread($thread ? $thread : $post);
|
||||||
buildIndex();
|
buildIndex();
|
||||||
|
|
||||||
|
|
|
||||||
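Review bot: The mod_warning_post hunk removes the `preg_replace('/[\r\n]/', '', …)` step without replacing it, so `$message` reaches the `<tinyboard warning message>` wrapper and `modLog()` with interior CR/LF intact, because `_trim_str_param` only trims the ends; mod_ban_post still strips them. If the removal was not intended, restore it on the local variable right after the `isset($public_message, $message)` check: `$message = \preg_replace('/[\r\n]/', '', $message);`. In mod_ban_post the trimmed `$ip` is computed, but `Bans::new_ban` receives `$target_ip = \trim($_POST['ip'])`, which reads `$_POST['ip']` without an isset check and passes an empty string when the field is missing or blank; passing `$ip` looks like the intent, though where `$ip` is first assigned is not visible in that hunk. `_trim_str_param` also calls `\trim()` on whatever `$arr[$key]` holds, so an array-valued POST field raises a TypeError on PHP 8, and an `is_string()` guard that returns null would keep the handlers on their form path. The bodies of mod_ban, mod_ban_post and mod_warning_post continue outside the hunks shown.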