From 5836cd23d2d58c77bbb04d061c43c232a102c979 Mon Sep 17 00:00:00 2001
From: Michael Foster
Date: Sun, 11 Aug 2013 21:22:25 +1000
Subject: [PATCH] Critical bug: users could not report OP posts, only replies (thanks to ctrlcctrlv for finding this)
---
 post.php | 26 ++++++++++++--------------
 1 file changed, 12 insertions(+), 14 deletions(-)
diff --git a/post.php b/post.php
index ab4775eb..074aa0dc 100644
--- post.php
+++ post.php
@@ -117,20 +117,18 @@ if (isset($_POST['delete'])) {
 $thread = $query->fetchColumn();
- if ($thread) {
- if ($config['syslog'])
- _syslog(LOG_INFO, 'Reported post: ' .
- '/' . $board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $thread ? $thread : $id) . ($thread ? '#' . $id : '') .
- ' for "' . $reason . '"'
- );
- $query = prepare("INSERT INTO ``reports`` VALUES (NULL, :time, :ip, :board, :post, :reason)");
- $query->bindValue(':time', time(), PDO::PARAM_INT);
- $query->bindValue(':ip', $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR);
- $query->bindValue(':board', $board['uri'], PDO::PARAM_INT);
- $query->bindValue(':post', $id, PDO::PARAM_INT);
- $query->bindValue(':reason', $reason, PDO::PARAM_STR);
- $query->execute() or error(db_error($query));
- }
+ if ($config['syslog'])
+ _syslog(LOG_INFO, 'Reported post: ' .
+ '/' . $board['dir'] . $config['dir']['res'] . sprintf($config['file_page'], $thread ? $thread : $id) . ($thread ? '#' . $id : '') .
+ ' for "' . $reason . '"'
+ );
+ $query = prepare("INSERT INTO ``reports`` VALUES (NULL, :time, :ip, :board, :post, :reason)");
+ $query->bindValue(':time', time(), PDO::PARAM_INT);
+ $query->bindValue(':ip', $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR);
+ $query->bindValue(':board', $board['uri'], PDO::PARAM_INT);
+ $query->bindValue(':post', $id, PDO::PARAM_INT);
+ $query->bindValue(':reason', $reason, PDO::PARAM_STR);
+ $query->execute() or error(db_error($query));
 }
 $is_mod = isset($_POST['mod']) && $_POST['mod'];
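Review bot: Removing the `if ($thread)` guard outright means the syslog entry and the reports INSERT now also run when the lookup above matched no post, because `fetchColumn()` returns `false` for an empty result, the same falsy value the old check confused with an OP. Assuming the query above the hunk selects the post's thread column by `$id` (it is not visible here), a narrower guard such as `if ($thread !== false) {` around the logging and the INSERT would still accept OP posts while rejecting ids that do not exist, so the reports table and syslog cannot be filled with entries for nonexistent posts. Separately, `:board` is bound with `PDO::PARAM_INT` although `$board['uri']` looks like a string identifier; `$query->bindValue(':board', $board['uri'], PDO::PARAM_STR);` would state the intent, pending confirmation of the column type. The enclosing block starts outside the hunk.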