From 2fa3b3c93eef3970dfa5715f3d43ebdf6c9b10f2 Mon Sep 17 00:00:00 2001 From: Lorenzo Yario Date: Thu, 9 May 2024 23:00:51 -0700 Subject: [PATCH 1/3] allow exclusion of boards --- search.php | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/search.php b/search.php index fe5f2850..e7970fc5 100644 --- a/search.php +++ b/search.php @@ -17,7 +17,19 @@ $body = Element('search_form.html', Array('boards' => $boards, 'board' => isset($_GET['board']) ? $_GET['board'] : false, 'search' => isset($_GET['search']) ? str_replace('"', '"', utf8tohtml($_GET['search'])) : false)); - if(isset($_GET['search']) && !empty($_GET['search']) && isset($_GET['board']) && in_array($_GET['board'], $boards)) { + if(isset($_GET['search']) && !empty($_GET['search']) && isset($_GET['board']) && in_array($_GET['board'], $boards)) { + + //Before we do any of that, is this a disallowed board? If so, don't allow people to peer into it. + if (in_array($_GET['board'], $config['search']['disallowed_boards'])) { + $body .= '

('._('Disallowed board.').')

'; + echo Element($config['file_page_template'], Array( + 'config'=>$config, + 'title'=>'Search', + 'body'=>$body, + )); + exit; + } + $phrase = $_GET['search']; $_body = ''; From ad653af0829ccdd8ea65bc30a99700a2a3da1513 Mon Sep 17 00:00:00 2001 From: Lorenzo Yario Date: Thu, 9 May 2024 23:06:45 -0700 Subject: [PATCH 2/3] allow excluding searches from boards --- inc/config.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/inc/config.php b/inc/config.php index cf731b01..d3ad0157 100644 --- a/inc/config.php +++ b/inc/config.php @@ -1854,6 +1854,9 @@ // Boards for searching //$config['search']['boards'] = array('a', 'b', 'c', 'd', 'e'); + // Blacklist boards for searching, basically the opposite of the one above + //$config['search']['disallowed_boards'] = array('j', 'z'); + // Enable public logs? 0: NO, 1: YES, 2: YES, but drop names $config['public_logs'] = 0; From 21cbdfef0460a3da5c579e652d192c4be3296a38 Mon Sep 17 00:00:00 2001 From: Lorenzo Yario Date: Thu, 9 May 2024 23:19:50 -0700 Subject: [PATCH 3/3] change the search exclusion error to just be a blacklist via server side verification --- search.php | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/search.php b/search.php index e7970fc5..f114c37f 100644 --- a/search.php +++ b/search.php @@ -9,26 +9,21 @@ $queries_per_minutes_all = $config['search']['queries_per_minutes_all']; $search_limit = $config['search']['search_limit']; + //Is there a whitelist? Let's list those boards and if not, let's list everything. if (isset($config['search']['boards'])) { $boards = $config['search']['boards']; } else { $boards = listBoards(TRUE); } + + //Let's remove any disallowed boards from the above list (the blacklist) + if (isset($config['search']['disallowed_boards'])) { + $boards = array_values(array_diff($boards, $config['search']['disallowed_boards'])); + } $body = Element('search_form.html', Array('boards' => $boards, 'board' => isset($_GET['board']) ? $_GET['board'] : false, 'search' => isset($_GET['search']) ? str_replace('"', '"', utf8tohtml($_GET['search'])) : false)); - if(isset($_GET['search']) && !empty($_GET['search']) && isset($_GET['board']) && in_array($_GET['board'], $boards)) { - - //Before we do any of that, is this a disallowed board? If so, don't allow people to peer into it. - if (in_array($_GET['board'], $config['search']['disallowed_boards'])) { - $body .= '

('._('Disallowed board.').')

'; - echo Element($config['file_page_template'], Array( - 'config'=>$config, - 'title'=>'Search', - 'body'=>$body, - )); - exit; - } + if(isset($_GET['search']) && !empty($_GET['search']) && isset($_GET['board']) && in_array($_GET['board'], $boards)) { $phrase = $_GET['search']; $_body = '';