natto1784/aslichan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[SECURITY] Lessen security impact

Browse Source 
post.php: misc fixes
This commit is contained in:
czaks
2017-05-17 14:03:48 -04:00
parent 37eaea6312
commit 736e982945
2 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
post.php
View File

@@ -210,7 +210,7 @@ if (isset($_POST['delete'])) {
error($config['error']['nodelete']);
foreach ($delete as &$id) {
$query = prepare(sprintf("SELECT `thread`, `time`,`password` FROM ``posts_%s`` WHERE `id` = :id", $board['uri']));
$query = prepare(sprintf("SELECT `id`,`thread`,`time`,`password` FROM ``posts_%s`` WHERE `id` = :id", $board['uri']));
$query->bindValue(':id', $id, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
@@ -240,7 +240,7 @@ if (isset($_POST['delete'])) {
deletePost($id);
modLog("User deleted his own post #$id");
}
_syslog(LOG_INFO, 'Deleted post: ' .
'/' . $board['dir'] . $config['dir']['res'] . link_for($post) . ($post['thread'] ? '#' . $id : '')
);
@@ -318,7 +318,7 @@ if (isset($_POST['delete'])) {
$post = $query->fetch(PDO::FETCH_ASSOC);
$error = event('report', array('ip' => $_SERVER['REMOTE_ADDR'], 'board' => $board['uri'], 'post' => $post, 'reason' => $reason));
$error = event('report', array('ip' => $_SERVER['REMOTE_ADDR'], 'board' => $board['uri'], 'post' => $post, 'reason' => $reason, 'link' => link_for($post)));
if ($error) {
error($error);