harmacist/vichan
1
0
Fork 0
forked from GithubBackups/vichan
Code Pull Requests Activity

Fix ban issues once and for all

Browse Source
This commit is contained in:
8chan Admin 2013-10-24 18:38:19 +00:00
parent 58afc866a2
commit 58ef0213d2
2 changed files with 24 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
inc/bans.php
View File

@ -117,20 +117,25 @@ class Bans {
return array($ipstart, $ipend); return array($ipstart, $ipend);
} }
static public function find($ip, $board = false, $get_mod_info = false) { static public function find($criteria, $board = false, $get_mod_info = false, $id = false) {
global $config; global $config;
$query = prepare('SELECT ``bans``.*' . ($get_mod_info ? ', `username`' : '') . ' FROM ``bans`` $query = prepare('SELECT ``bans``.*' . ($get_mod_info ? ', `username`' : '') . ' FROM ``bans``
' . ($get_mod_info ? 'LEFT JOIN ``mods`` ON ``mods``.`id` = `creator`' : '') . ' ' . ($get_mod_info ? 'LEFT JOIN ``mods`` ON ``mods``.`id` = `creator`' : '') . '
WHERE WHERE ' . ($id ? 'id = :id' : '
(' . ($board ? '(`board` IS NULL OR `board` = :board) AND' : '') . ' (' . ($board ? '(`board` IS NULL OR `board` = :board) AND' : '') . '
(`ipstart` = :ip OR (:ip >= `ipstart` AND :ip <= `ipend`))) (`ipstart` = :ip OR (:ip >= `ipstart` AND :ip <= `ipend`)))') . '
ORDER BY `expires` IS NULL, `expires` DESC'); ORDER BY `expires` IS NULL, `expires` DESC');
if ($board) if ($board)
$query->bindValue(':board', $board); $query->bindValue(':board', $board);
$query->bindValue(':ip', inet_pton($ip)); if (!$id) {
$query->bindValue(':ip', inet_pton($criteria));
} else {
$query->bindValue(':id', $criteria);
}
$query->execute() or error(db_error($query)); $query->execute() or error(db_error($query));
$ban_list = array(); $ban_list = array();
@ -179,13 +184,18 @@ class Bans {
} }
static public function delete($ban_id, $modlog = false) { static public function delete($ban_id, $modlog = false) {
if ($modlog) { global $config, $mod;
$query = query("SELECT `ipstart`, `ipend` FROM ``bans`` WHERE `id` = " . (int)$ban_id) or error(db_error());
$query = query("SELECT `ipstart`, `ipend`, `board` FROM ``bans`` WHERE `id` = " . (int)$ban_id) or error(db_error());
if (!$ban = $query->fetch(PDO::FETCH_ASSOC)) { if (!$ban = $query->fetch(PDO::FETCH_ASSOC)) {
// Ban doesn't exist // Ban doesn't exist
return false; return false;
} }
if ($mod['boards'][0] != '*' && !in_array($ban['board'], $mod['boards']))
error($config['error']['noaccess']);
if ($modlog) {
$mask = self::range_to_string(array($ban['ipstart'], $ban['ipend'])); $mask = self::range_to_string(array($ban['ipstart'], $ban['ipend']));
modLog("Removed ban #{$ban_id} for " . modLog("Removed ban #{$ban_id} for " .
@ -198,12 +208,15 @@ class Bans {
} }
static public function new_ban($mask, $reason, $length = false, $ban_board = false, $mod_id = false, $post = false) { static public function new_ban($mask, $reason, $length = false, $ban_board = false, $mod_id = false, $post = false) {
global $mod, $pdo, $board; global $config, $mod, $pdo, $board;
if ($mod_id === false) { if ($mod_id === false) {
$mod_id = isset($mod['id']) ? $mod['id'] : -1; $mod_id = isset($mod['id']) ? $mod['id'] : -1;
} }
if (!in_array($ban_board, $mod['boards']) && $mod['boards'][0] != '*')
error($config['error']['noaccess']);
$range = self::parse_range($mask); $range = self::parse_range($mask);
$mask = self::range_to_string($range); $mask = self::range_to_string($range);

14
inc/mod/pages.php
View File

@ -761,14 +761,6 @@ function mod_page_ip($ip) {
if (!hasPermission($config['mod']['unban'])) if (!hasPermission($config['mod']['unban']))
error($config['error']['noaccess']); error($config['error']['noaccess']);
$bans = Bans::find($ip);
foreach ($bans as $i => $ban) {
if ($ban['id'] == $_POST['ban_id'])
if ($mod['boards'][0] != '*' && !in_array($ban['board'], $mod['boards']))
error($config['error']['noaccess']);
}
Bans::delete($_POST['ban_id'], true); Bans::delete($_POST['ban_id'], true);
header('Location: ?/IP/' . $ip . '#bans', true, $config['redirect_http']); header('Location: ?/IP/' . $ip . '#bans', true, $config['redirect_http']);
@ -863,9 +855,6 @@ function mod_ban() {
return; return;
} }
if (!in_array($_POST['board'], $mod['boards']) && $mod['boards'][0] != '*')
error($config['error']['noaccess']);
require_once 'inc/mod/ban.php'; require_once 'inc/mod/ban.php';
Bans::new_ban($_POST['ip'], $_POST['reason'], $_POST['length'], $_POST['board'] == '*' ? false : $_POST['board']); Bans::new_ban($_POST['ip'], $_POST['reason'], $_POST['length'], $_POST['board'] == '*' ? false : $_POST['board']);
@ -1275,7 +1264,6 @@ function mod_ban_post($board, $delete, $post, $token = false) {
if (!hasPermission($config['mod']['delete'], $board)) if (!hasPermission($config['mod']['delete'], $board))
error($config['error']['noaccess']); error($config['error']['noaccess']);
$security_token = make_secure_link_token($board . '/ban/' . $post); $security_token = make_secure_link_token($board . '/ban/' . $post);
$query = prepare(sprintf('SELECT ' . ($config['ban_show_post'] ? '*' : '`ip`, `thread`') . $query = prepare(sprintf('SELECT ' . ($config['ban_show_post'] ? '*' : '`ip`, `thread`') .
@ -1289,8 +1277,6 @@ function mod_ban_post($board, $delete, $post, $token = false) {
$ip = $_post['ip']; $ip = $_post['ip'];
if (isset($_POST['new_ban'], $_POST['reason'], $_POST['length'], $_POST['board'])) { if (isset($_POST['new_ban'], $_POST['reason'], $_POST['length'], $_POST['board'])) {
if (!in_array($_POST['board'], $mod['boards']) && $mod['boards'][0] != '*')
error($config['error']['noaccess']);
require_once 'inc/mod/ban.php'; require_once 'inc/mod/ban.php';
if (isset($_POST['ip'])) if (isset($_POST['ip']))