kashire/lainchan
4
0
Fork 0
Code Issues 3 Pull Requests Releases Wiki Activity

Fixed escaping bug on search

Browse Source
This commit is contained in:
Savetheinternet 2011-03-30 16:55:43 +11:00
parent 835d3bfc79
commit 38e99d16aa
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
mod.php
View File

@ -155,7 +155,6 @@
$log['text'] = htmlentities($log['text']); $log['text'] = htmlentities($log['text']);
$log['text'] = preg_replace('/(\d+\.\d+\.\d+\.\d+)/', '<a href="?/IP/$1">$1</a>', $log['text']); $log['text'] = preg_replace('/(\d+\.\d+\.\d+\.\d+)/', '<a href="?/IP/$1">$1</a>', $log['text']);
$body .= '<tr>' . $body .= '<tr>' .
'<td class="minimal"><a href="?/users/' . $log['id'] . '">' . $log['username'] . '</a></td>' . '<td class="minimal"><a href="?/users/' . $log['id'] . '">' . $log['username'] . '</a></td>' .
'<td class="minimal"><a href="?/IP/' . $log['ip'] . '">' . $log['ip'] . '</a></td>' . '<td class="minimal"><a href="?/IP/' . $log['ip'] . '">' . $log['ip'] . '</a></td>' .
@ -316,6 +315,9 @@
$phrase = $_POST['search']; $phrase = $_POST['search'];
$_body = ''; $_body = '';
// Escape escape character
$phrase = str_replace('!', '!!', $phrase);
// Remove SQL wildcard // Remove SQL wildcard
$phrase = str_replace('%', '!%', $phrase); $phrase = str_replace('%', '!%', $phrase);
@ -700,12 +702,12 @@
} else { } else {
if($mod['type'] < $config['mod']['report_dismiss']) error($config['error']['noaccess']); if($mod['type'] < $config['mod']['report_dismiss']) error($config['error']['noaccess']);
$query = prepare("SELECT `post` FROM `reports` WHERE `id` = :id"); $query = prepare("SELECT `post`, `board` FROM `reports` WHERE `id` = :id");
$query->bindValue(':id', $matches[1], PDO::PARAM_INT); $query->bindValue(':id', $matches[1], PDO::PARAM_INT);
$query->execute() or error(db_error($query)); $query->execute() or error(db_error($query));
if($report = $query->fetch()) { if($report = $query->fetch()) {
modLog('Dismissed a report for post #' . $report['post']); modLog('Dismissed a report for post #' . $report['post'], $report['board']);
$query = prepare("DELETE FROM `reports` WHERE `post` = :post"); $query = prepare("DELETE FROM `reports` WHERE `post` = :post");
$query->bindValue(':post', $report['post'], PDO::PARAM_INT); $query->bindValue(':post', $report['post'], PDO::PARAM_INT);