harmacist/vichan
1
0
Fork 0
forked from GithubBackups/vichan
Code Pull Requests Activity

Mod bug: non-mods of board could ban from board

Browse Source
This commit is contained in:
8chan Admin 2013-10-23 10:28:47 +00:00
parent 7e65e1b971
commit 31ff4e044b
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
inc/mod/pages.php
View File

@ -840,15 +840,18 @@ function mod_page_ip($ip) {
} }
function mod_ban() { function mod_ban() {
global $config; global $config, $mod;
if (!hasPermission($config['mod']['ban'])) if (!hasPermission($config['mod']['ban']))
error($config['error']['noaccess']); error($config['error']['noaccess']);
if (!isset($_POST['ip'], $_POST['reason'], $_POST['length'], $_POST['board'])) { if (!isset($_POST['ip'], $_POST['reason'], $_POST['length'], $_POST['board'])) {
mod_page(_('New ban'), 'mod/ban_form.html', array('token' => make_secure_link_token('ban'))); mod_page(_('New ban'), 'mod/ban_form.html', array('token' => make_secure_link_token('ban')));
return; return;
} }
if (!in_array($_POST['board'], $mod['boards']))
error($config['error']['noaccess']);
require_once 'inc/mod/ban.php'; require_once 'inc/mod/ban.php';
@ -1258,7 +1261,7 @@ function mod_ban_post($board, $delete, $post, $token = false) {
if (!hasPermission($config['mod']['delete'], $board)) if (!hasPermission($config['mod']['delete'], $board))
error($config['error']['noaccess']); error($config['error']['noaccess']);
$security_token = make_secure_link_token($board . '/ban/' . $post); $security_token = make_secure_link_token($board . '/ban/' . $post);
$query = prepare(sprintf('SELECT ' . ($config['ban_show_post'] ? '*' : '`ip`, `thread`') . $query = prepare(sprintf('SELECT ' . ($config['ban_show_post'] ? '*' : '`ip`, `thread`') .