fix #72
This commit is contained in:
parent
b26cd8b9b4
commit
9526f5ed1c
@ -232,7 +232,7 @@ function mod_search($type, $search_query_escaped, $page_no = 1) {
|
|||||||
|
|
||||||
// Which `field` to search?
|
// Which `field` to search?
|
||||||
if ($type == 'posts')
|
if ($type == 'posts')
|
||||||
$sql_field = array('body_nomarkup', 'filename', 'file', 'subject', 'filehash', 'ip', 'name', 'trip');
|
$sql_field = array('body_nomarkup', 'files', 'subject', 'filehash', 'ip', 'name', 'trip');
|
||||||
if ($type == 'IP_notes')
|
if ($type == 'IP_notes')
|
||||||
$sql_field = 'body';
|
$sql_field = 'body';
|
||||||
if ($type == 'bans')
|
if ($type == 'bans')
|
||||||
@ -739,28 +739,31 @@ function mod_view_thread50($boardName, $thread) {
|
|||||||
|
|
||||||
function mod_ip_remove_note($ip, $id) {
|
function mod_ip_remove_note($ip, $id) {
|
||||||
global $config, $mod;
|
global $config, $mod;
|
||||||
|
$ip = rawurldecode($ip);
|
||||||
|
|
||||||
if (!hasPermission($config['mod']['remove_notes']))
|
if (!hasPermission($config['mod']['remove_notes']))
|
||||||
error($config['error']['noaccess']);
|
error($config['error']['noaccess']);
|
||||||
|
|
||||||
if (filter_var($ip, FILTER_VALIDATE_IP) === false)
|
//if (filter_var($ip, FILTER_VALIDATE_IP) === false)
|
||||||
error("Invalid IP address.");
|
// error("Invalid IP address.");
|
||||||
|
|
||||||
$query = prepare('DELETE FROM ``ip_notes`` WHERE `ip` = :ip AND `id` = :id');
|
$query = prepare('DELETE FROM ``ip_notes`` WHERE `ip` = :ip AND `id` = :id');
|
||||||
$query->bindValue(':ip', $ip);
|
$query->bindValue(':ip', $ip);
|
||||||
$query->bindValue(':id', $id);
|
$query->bindValue(':id', $id);
|
||||||
$query->execute() or error(db_error($query));
|
$query->execute() or error(db_error($query));
|
||||||
|
|
||||||
modLog("Removed a note for <a href=\"?/IP/{$ip}\">{$ip}</a>");
|
modLog("Removed a note for <a href=\"?/IP/".rawurlencode($ip)."\">".htmlspecialchars($ip)."</a>");
|
||||||
|
|
||||||
header('Location: ?/IP/' . $ip . '#notes', true, $config['redirect_http']);
|
header('Location: ?/IP/' . rawurlencode($ip) . '#notes', true, $config['redirect_http']);
|
||||||
}
|
}
|
||||||
|
|
||||||
function mod_page_ip($ip) {
|
function mod_page_ip($ip) {
|
||||||
global $config, $mod;
|
global $config, $mod;
|
||||||
|
|
||||||
if (filter_var($ip, FILTER_VALIDATE_IP) === false)
|
$ip = rawurldecode($ip);
|
||||||
error("Invalid IP address.");
|
|
||||||
|
//if (filter_var($ip, FILTER_VALIDATE_IP) === false)
|
||||||
|
// error("Invalid IP address.");
|
||||||
|
|
||||||
if (isset($_POST['ban_id'], $_POST['unban'])) {
|
if (isset($_POST['ban_id'], $_POST['unban'])) {
|
||||||
if (!hasPermission($config['mod']['unban']))
|
if (!hasPermission($config['mod']['unban']))
|
||||||
@ -768,7 +771,7 @@ function mod_page_ip($ip) {
|
|||||||
|
|
||||||
Bans::delete($_POST['ban_id'], true);
|
Bans::delete($_POST['ban_id'], true);
|
||||||
|
|
||||||
header('Location: ?/IP/' . $ip . '#bans', true, $config['redirect_http']);
|
header('Location: ?/IP/' . rawurlencode($ip) . '#bans', true, $config['redirect_http']);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -785,9 +788,9 @@ function mod_page_ip($ip) {
|
|||||||
$query->bindValue(':body', $_POST['note']);
|
$query->bindValue(':body', $_POST['note']);
|
||||||
$query->execute() or error(db_error($query));
|
$query->execute() or error(db_error($query));
|
||||||
|
|
||||||
modLog("Added a note for <a href=\"?/IP/{$ip}\">{$ip}</a>");
|
modLog("Added a note for <a href=\"?/IP/".rawurlencode($ip)."\">".htmlspecialchars($ip)."</a>");
|
||||||
|
|
||||||
header('Location: ?/IP/' . $ip . '#notes', true, $config['redirect_http']);
|
header('Location: ?/IP/' . rawurlencode($ip) . '#notes', true, $config['redirect_http']);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -803,7 +806,7 @@ function mod_page_ip($ip) {
|
|||||||
openBoard($board['uri']);
|
openBoard($board['uri']);
|
||||||
if (!hasPermission($config['mod']['show_ip'], $board['uri']))
|
if (!hasPermission($config['mod']['show_ip'], $board['uri']))
|
||||||
continue;
|
continue;
|
||||||
$query = prepare(sprintf('SELECT * FROM ``posts_%s`` WHERE `ip` = :ip ORDER BY `sticky` DESC, `id` DESC LIMIT :limit', $board['uri']));
|
$query = prepare(sprintf('SELECT * FROM ``posts_%s`` WHERE `ip` = :ip OR `password` = :ip ORDER BY `sticky` DESC, `id` DESC LIMIT :limit', $board['uri']));
|
||||||
$query->bindValue(':ip', $ip);
|
$query->bindValue(':ip', $ip);
|
||||||
$query->bindValue(':limit', $config['mod']['ip_recentposts'], PDO::PARAM_INT);
|
$query->bindValue(':limit', $config['mod']['ip_recentposts'], PDO::PARAM_INT);
|
||||||
$query->execute() or error(db_error($query));
|
$query->execute() or error(db_error($query));
|
||||||
@ -846,7 +849,7 @@ function mod_page_ip($ip) {
|
|||||||
|
|
||||||
$args['security_token'] = make_secure_link_token('IP/' . $ip);
|
$args['security_token'] = make_secure_link_token('IP/' . $ip);
|
||||||
|
|
||||||
mod_page(sprintf('%s: %s', _('IP'), $ip), 'mod/view_ip.html', $args, $args['hostname']);
|
mod_page(sprintf('%s: %s', _('IP'), htmlspecialchars($ip)), 'mod/view_ip.html', $args, $args['hostname']);
|
||||||
}
|
}
|
||||||
|
|
||||||
function mod_ban() {
|
function mod_ban() {
|
||||||
|
Loading…
Reference in New Issue
Block a user